Cenzic's "Web Application Security Trends Report Q1-Q2, 2009" point to the 90 percent of Web applications include data leakage, cross-site attacks, and that the first half of 2009 found that the total number of reported vulnerabilities went up to almost 3100, and the percentage of Web vulnerabilities continued to be dominate at around 78 percent, compared with the weaknesses found in the second half of 2008 increased by 10%. According to the present status of web application security, once the malicious attacks, the post-processing, often cause serious damage. For the reason above, we study Tamkang University web application vulnerability, through scanning tools to detect the potential weakness of web application. The final summary of the 11 methods of attack for testing web applications. Study web application security condition in order to insight into the potential vulnerabilities of web application. Found, Tamkang University of distribution of Web applications vulnerabilities: Information leakage and improper error handling 23.26%; Insecure direct object reference 15.95%; Failure to restrict URL access 14.95% and other 45.84%. The test results, the actual cause viewers, back-end database, administrator password was stolen and other information was to edit, about 21.05%. Stole three important web applications related account and password; modify the content of 5 web applications. Hoped that through the web application vulnerability analysis, and 11 kinds of methods of attack for the defenders and future web applications developers find problems far earlier than the hackers.