Also, do not forget to check the simple things like checking error messages. Overly helpful error messages might be a risk to the system. You might find http://testinggeek.com/webappsec-1.asp useful if you are working on the web application security domain.
Manjula there won't be enough space here to tell you how to carry out Cookie Poisoning and fuzzing anyway I am giving you a link go through the web site and then you would have a fair idea on how to carry out Cookie Poisoning and Fuzzing.
Note that fuzzing is not limited only to the web content. Tools like HTTP fuzzers and TLS fuzzers still break most web applications. And if you are building mobile applications or VoIP applications, you need to look at a different set of fuzzers.
Add fuzzing tools to your QA audits! Hack Yourself! Before others will!