Web-based applications are complex in the structure which results in facing an immense amount of exploiting attacks, so testing should be done in a proactive way in order to identify threats in the applications. The intruder can explore these security loopholes and may exploit the application which results in economical lose, so testing the application becomes a supreme phase of development. The main objective of testing is to secure the contents of applications either through static or automatic approach. The software houses usually follow fuzz based testing in which flaws can be explored by randomly inputting invalid data while on the other hand model-based testing is the automated approach which tests the applications from all perspectives on the basis of an abstract model of the application. The main theme of this research is to study the difference between fuzz based testing and MBT in terms of test coverage, performance, cost and time. This research work guides the web application practitioner in the selection of suitable methodology for different testing scenarios which save efforts imparted on testing and develop better and breaches free product.
