Most people associate testing with executing software.

Running test cases.
Clicking buttons.
Validating outputs.

But some of the most powerful defect detection happens before the code is even executed.

This is called static testing.

According to ISTQB CTFL v4.0.1, static testing involves examining work products without executing them. It focuses on preventing defects early rather than detecting them late.

Let’s explore why this matters.

---

What Is Static Testing?

Static testing evaluates artifacts such as:

• Requirements
• User stories
• Design documents
• Code
• Test cases

Without running the software.

Instead of asking:

Does the system behave correctly?

Static testing asks:

Is this work product correct, consistent, complete, and clear?

---

Static vs Dynamic Testing

Dynamic testing requires execution.
Static testing does not.

Dynamic testing detects defects when the software runs.
Static testing prevents defects before they reach execution.

Both are essential.
But static testing often saves more time and cost.

---

Why Static Testing Is Powerful

Defects found early are cheaper to fix.

A requirement ambiguity discovered during review may take minutes to clarify.

The same ambiguity found after release may require:

• Code refactoring
• Regression testing
• Production patch
• Customer communication

Early defect detection reduces:

• Rework cost
• Project delays
• Risk of production incidents

---

Types of Static Testing

1️⃣ Reviews

Reviews are structured evaluations of work products.

They can be applied to:

• Requirements documents
• Architecture diagrams
• Test cases
• Code

Common review types (covered later in the syllabus):

• Informal review
• Walkthrough
• Technical review
• Inspection

Reviews improve both quality and shared understanding.

---

2️⃣ Static Analysis

Static analysis uses tools to examine code automatically.

Examples:

• Detecting unused variables
• Identifying unreachable code
• Checking coding standard violations
• Finding potential security vulnerabilities

Static analysis tools increase efficiency and consistency.

---

What Defects Can Static Testing Detect?

Static testing is particularly effective at identifying:

• Ambiguous requirements
• Missing acceptance criteria
• Inconsistent terminology
• Logical errors in design
• Coding standard violations
• Security weaknesses

Many of these issues would be expensive to fix later.

---

Example: Requirement Review

Requirement:

“The system should respond quickly.”

Problem:
What does “quickly” mean?

2 seconds?
5 seconds?
Under load?

A review identifies the ambiguity before development starts.

Rewritten requirement:

“The system shall respond within 2 seconds for 95% of transactions under normal load.”

This prevents future defects.

---

Example: Code Static Analysis

A static analysis tool identifies:

• Possible null pointer dereference
• Dead code
• Security vulnerability pattern

These are detected without running the system.

---

Benefits Beyond Defect Detection

Static testing also:

• Improves communication
• Aligns stakeholders
• Enhances documentation quality
• Builds team knowledge
• Reduces misunderstandings

Reviews often reveal requirement gaps that no test execution would catch.

---

When Should Static Testing Be Performed?

As early as possible.

In fact, static testing supports the Shift Left principle introduced earlier in Chapter 2.

The earlier we examine work products, the lower the cost of correction.

---

ISTQB Exam Perspective

For ISTQB Foundation Level, remember:

• Static testing does not require execution.
• It includes reviews and static analysis.
• It can detect defects that dynamic testing cannot.
• It contributes to early defect prevention.

Expect questions comparing static vs dynamic testing advantages.

---

Common Misconceptions

❌ Static testing is only for developers
❌ Reviews are informal discussions
❌ Static testing replaces dynamic testing

Reality:

Static testing complements dynamic testing.

Strong quality strategies use both.

---

Final Thoughts

Static testing shifts quality upstream.

It transforms testing from reactive defect detection into proactive defect prevention.

The best testers don’t just execute tests.

They examine work products critically before code ever runs.

And that mindset makes the biggest difference in real-world projects.