There are different ways and method to measure the security of web application and web browsers, there are different tools available to exploit web browser and for browser side attack like Tabnapping and BeEF.
So you must consider both sides threat to make the security of your web server strong and strong. As discussed before different tools to do a penetration testing on web application.
Beside these wonderful tools if you want to fuzz force (fuzzers) to find the vulnerability that can cause a harm, than iExploder is a good choice to find problems and reliability of a web browser.
iExploder is like a fire hydrant full of bad HTML and CSS code to test the stability and security of web browsers. Available as a full-featured browser harness, standalone webserver or CGI script, it continuously feeds browsers bad data in the hope that they will eventually crash. It is designed to run for hours, or even days until the browser crashes.
- Tests all HTML and CSS attributes that Mozilla, Webkit and other browsers support
- Basic fuzzing for media formats (bmp gif ico jng jpg ogg png snd svg tiff wav xbm xpm)
- Very basic DOM manipulation fuzzing via JS
- HTTP header fuzzing
- CSS Selector fuzzing
- Logic, buffer overflow, and format string testing
- An unlimited amount of repeatable tests
- Sequential and random testcase testing, with the ability to resume (sequential only)
- Tools to help isolate which test crashed the browser, as well as locate backtrace information