This document discusses model-based vulnerability testing (MBVT) for web applications. MBVT aims to improve the accuracy and precision of vulnerability testing. The document outlines the MBVT approach, which includes formalizing vulnerability test patterns, modeling the system under test, generating test cases from the model and test purposes, and adapting and executing the test cases. An example of applying the MBVT approach to the Damn Vulnerable Web Application is provided to test for reflected cross-site scripting vulnerabilities. The document also discusses advantages of MBVT in addressing both technical and logical vulnerabilities, and disadvantages such as effort required to design models, test patterns, and adapters.