Static Testing And Dynamic Testing: What Are The Differences

Learn about the two important testing techniques Static Testing And Dynamic Testing and the differences between the two:

Testing is Verification and Validation. We all know that it takes 2 Vs to make testing complete.

In today’s article, we will shed some light on Static testing. It is also called Verification. We will learn all about it and pay special emphasis on this because Dynamic testing often receives maximum attention and has innumerable articles detailing it out.

However, no discussion on static testing would be complete without an explanation of what its counterpart, dynamic testing means. Dynamic testing is validation, the other “V”. We will also learn about the key differences between the two techniques.

Static Testing and Dynamic Testing

Static And Dynamic Testing

Dynamic testing is when you are working with the actual system (not some artifact or model that represents the system), providing an input, receiving output, and comparing the output to the expected behavior. It is hands-on working with the system with the intent of finding errors.

During this process, we will understand how the following two common misconceptions about testing are not true:

  1. Testing is an activity that comes at the end
  2. It is performed only by testers and the rest of them have nothing to do

Let us start with a quick reference to the v-model:

STLC V Model

  • On the left-hand side of the V-model, we have activities that are not performed by the QA team.
  • On the right-hand side, we have some of them that are taken care of by the Dev team, some by the testers, and some by users.

Let’s start with – Requirements Gathering. It is performed by the Business Analyst and other higher-level management – the output document for this phase is the Business requirement document, BRD.

The next stage is System Design. System design is a phase where the business requirements are translated into the Functional requirements, in the FRD (Functional requirements document).

When the translation is happening, the Dev team (who is the main actor in this step) is going to go over the BRD document step by step, page by page, and line by line. Even though the primary goal is to consume the business requirements for the sake of translation, the BRD document is getting reviewed in turn.

An Example: Say this is the BRD for a banking site that is big on security. There is a section in the BRD that talks about the password rules for the various users creating an account with the online banking site. One of the rules is: A user cannot use a password that he/she uses for other accounts.

This is not doable. Because, a site can merely suggest how the user should set login credentials but there is no way, this restriction can be imposed. So, this requirement is not feasible – in other words, it cannot be accomplished through the software.

Let us now consider the following points based on this example:

  1. How is it determined that this requirement is not buildable and so, cannot be tested (in other words, not feasible)? Do we have the bank’s site and then do we set the login and password – and then realize that this is not being possible? No, we are simply basing this on our review of the BRD and of course some common business sense.
  2. Are we testing this requirement? Sure, but purely based on the theoretical, conceptual sense but not on the actual AUT (Application under Test).
  3. What is the physical form of this test? -A simple reading or a formal review of the BRD or an even more formal feasibility analysis of the business requirements.

Coming back to our misconceptions:

  1. Who is performing this review of the BRD? – Mostly the dev team and other technical teams that are responsible for creating the product. Not testers.
  2. Is this review going on at the end of the product creation? No, at the very initial stage of project development. Hence, not just the end.

Static Testing Techniques:

To summarize, static testing is the verification part of software testing that follows the methods of:

  • Document reviews
  • Walkthroughs
  • Inspection
  • Feasibility analysis or any other form of analysis to determine if the software is what it should be or not
  • Code review

To quote the CSTE CBOK, “Verification answers the question, “Did we build the right system?” while validations addresses, “Did we build the system right?”

The following are all the static testing activities that happen on the left-hand side of the V-model.

SDLC stageOutput VerifiesActors
Business requirement gatheringBRD (Business Requirement document)Scope document (if any)
System requirement designFRD(Functional requirement document)Reviews/verifies the BRDDev, Technical teams
Technical requirements designTDD (Technical Design Document)Reviews/verifies the FRDDev, Technical teams
Design (code)CodeReviews/verifies the TDD. Code review by the dev team for completeness, format etc.Dev, Technical teams

Note: This information can be extrapolated for projects following any development methodologies as the steps are going to be more or less similar.

On the right-hand side of the V-model is validation.

Dynamic Testing Techniques:

The Unit, integration, system, and UAT phases are all about creating tests to be performed on the AUT during various stages of its development. Even though the tests are targeted at validating different kinds of requirements, they are all tests all the same.

So, any form of testing where we have a test that needs to be executed on an AUT and its output is required to determine the outcome of the test (successful or not) – it is validation.

Now, would it be ok to generalize that on the right-hand side (RHS) of the V-model there is no verification at all? The answer is, No.

All the tests that get created at each stage on the RHS are reviewed several times during the test creation/finalizing stage. Read about the detailed process of test documentation review here.

On the RHS:

  • Tests and code are reviewed in the Unit/Integration testing stages by the developers.
  • System Tests undergo a peer review during their documentation and upon completion undergo a review by the dev team and Business analyst.
  • UAT tests undergo a review by the QA team as well as the users before the UAT begins.

Static Testing Vs Dynamic Testing

Let us now understand the differences between these two important testing techniques:

Static TestingDynamic Testing
Also known as Verification testing.Also known as validation testing.
Does not require execution of the source code.Requires execution of the source code.
Static testing is all about prevention of the defectsDynamic testing is all about detecting the defects
It involves the documents, checklists, and a process to be followedIt involves the source code and the test cases for execution
No code compilation neededCode should be compiled and in executable situation.
Cost of fixing the defects found is lessCost of fixing the defects found is more
Done in early stages of the development life cycleDone in later stages of the development life cycle.
Requires lots of meetingsRequires fewer meetings
This testing is done before code deploymentThis testing is done after code deployment
Performs a dry run on the code as part of the static analysis of the code.Code is fully analyzed for different paths by executing it.
Static testing covers the structural and statement coverage testing.Dynamic testing covers the executable file of the code.
It includes the following items for testing:It includes the following items for testing:
?        Requirement document?        Unit tests
?        Design documents?        Integration tests
?        Program specifications?        System tests
?        GUI wireframes ?        Security tests
?        Performance tests
?        User acceptance tests
It consists of reviews, walkthrough, inspection and static analysis of code.It consists of functional testing, non-functional testing and data/control flow analysis.
Some of the tools used for Static testing are:
* Soot
* Eclipse
* Checkstyle
* Clang
* Sonarqube
* Source meter
Some of the tools used for dynamic testing are:
* ValGrind
* Procmon
* DroidBox
* Diakon
* BoundsChecker


In conclusion, static testing is an important testing technique that takes the form of Business requirement review, Functional requirement review, design reviews, code walkthroughs, and test documentation review. It is a continuous activity and not done just by testers.

Validation, the dynamic testing part is more hands-on and happens on the product itself and not on an artifact or a representation of the product. A much formal process of test case/condition identification, coverage considerations, execution, and defect reporting all mark the dynamic testing methods.

About Author: This article is written by STH team member Swati S.

Please share your comments, questions, and experiences on the static and dynamic testing topic.


Recommended Reading

20 thoughts on “Static Testing And Dynamic Testing: What Are The Differences”

  1. Good one as always.

  2. nice and clear explanation

  3. Good article
    Thanks for posting such types of article.
    I have one question here-
    You say static testing not done by tester.
    Pls tell me who perform this type of testing in v model, who test all of the documents(BRD, FRD, TDD).

    • You’re welcome

  4. Hi Amit Sharma,
    In the article, mentioned as “Static testing is not done JUST by testers”.
    QA Team plays major role in Static and QC Team plays major role in Dynamic.
    Even in Dynamic Testing, experts (who are not testers) in a particular domain do the Testing(Exploratory Testing or Adhoc)

  5. do we need test the operating system for ecommerce website for compatiblility.?

  6. @Amit Sharna: thank you for your question. Anybody who is reading or reviewing the document might be considered as static testers. This might be dev, ba or client also

  7. @all: thank you for your readership. Thanks rajkumar for your answer

  8. Hi,

    Nice Article!

    Actually the Topic is too deep and wide to elaborate, but you did the good job with it.

    I wanted to know –
    in the table of (activity done in Static Testing) you didn’t mention tester/QA anywhere, why so?
    As per my knowledge tester (at least Leader/Manager) play vital role in a review meeting (walkthrough, Inspection..)

    Please explain!

  9. Really valued article
    and I see that any good QC member should seek to involve him self on both testing, static and dynamic

  10. Please check ur definitions for verification and validations here … i think it should be as … Verification answers the question, “Are we building the system right?” while validation addresses, “Are we building the right system?”

  11. Hi Swati,
    Thanks for sharing this

    Following action, you meant QA’s responsibility? Word “not” should be removed here?
    “On the left hand side of the V-model we have activities that are not performed by the QA team.”

    With your point as above, i assume that documents such as user guide, manual should be conducted by QA team?

  12. @ Sachin: Normally, we are not involved in the code walkthroughs and reviews. This is because, as testers it is not our place to tell the dev team, how to conduct their business…

  13. @Mayur Rathod : Our definitions are correct Mayur. We double-checked 🙂

    Please let me know if you differ and also why

  14. @Thao : I meant the statement as it is on the article. We do not formally review the BRD and FRD. We consume them or use them for our testing and in the process read them as well- so its a review that is not intended to be so.

  15. Thanks for the article, it clarifies a lot, but I think Mayur is right. Verification answers the question: “Are we building the system right?” while validation addresses: “are we building the right system?”.

    You can find this in many sources:

    And so on…

  16. @Swati …. the following definitions are taken from SWEBOK …
    Verification is an attempt to ensure that the
    product is built correctly (can i here not say i m concerned with building the product in a right way), in the sense that the output products of an activity meet the specifications imposed on them in previous activities. Validation is an attempt to ensure that the right product is built (can i here not say i m concerned with building the right product, that means i m checking whether i have built a right product)—that is, the product fulfills its specific intended purpose.

    I have also been through CSTE CBOK Definitions — they are — Verification ensures that the system (software, hardware, documentation, and personnel)
    complies with an organization’s standards and processes, relying on review or non-executable
    methods. Validation physically ensures that the system operates according to plan by
    executing the system functions through a series of tests that can be observed and evaluated.
    Verification answers the question, “Did we build the right system?” while validations
    addresses, “Did we build the system right?”

    CBOK Definitions contradict to SWEBOK definitions. I Would also like to conform my adherence to the SWEBOK definitions bcos SWEBOK is governed by IEEE

  17. Hi,

    I believe the following quote is written the wrong way around:

    To quote the CSTE CBOK, “Verification answers the question, “Did we build the right system?” while validations addresses, “Did we build the system right?”

    Verification: tests against design requirements to ensure the product will work correctly under all anticipated user conditions, i.e. did we design the product right?

    Validation: tests against the user requirements to ensure that the customer received all features and attributes requested, i.e. did we design the right product?

    Cheers, Peter
    Lead Test Engineer
    ResMed Ltd

  18. Hi Swathi, I am beginner to testing and find this article as very helpful one..Can you please help me with some good testing courses to try and join work in Testing?



Leave a Comment