Which of the following choices is not considered a vector for testing a web application's security robustness?

Prepare for the CISSP Domain 6 with our flashcards and multiple-choice questions. Gain insights with detailed hints and explanations. Ace your exam!

Static code analysis is a technique used to examine the source code of a web application for vulnerabilities without running the program. It identifies security flaws, coding standards violations, and other issues by analyzing the code structure and logic directly. While it is an essential part of ensuring code quality and may uncover security weaknesses, it does not serve as an external vector that interacts with the application via its user inputs or interfaces, which is often the focus when assessing a web application's security robustness.

In contrast, file input methods, AJAX input, and database queries are all areas where an application can be directly tested for vulnerabilities. These interactions can reveal how the application handles input data, processes that data, and communicates with databases, making them critical vectors for assessing potential security threats like injection attacks or improper input handling. Thus, static code analysis stands apart because it evaluates the codebase rather than examining the application’s operational aspects in a testing context.
