New trends in the information technology era such as cloud, big data, Internet of Things, and artificial intelligence. Enterprises are not actively building many service-related services information systems to build a fast and convenient connection between customers and enterprises. This research intends to understand whether there is any unfunded vulnerability in the external service information system of the enterprise through the actual information security attack and defense drills and to immediately repair and strengthen its security protection capabilities, as well as the exercise of the information security offensive and defensive team. The major website penetration testing tools used are Hydra, NMAP, Burp Suite Professional. At the meantime, the novice investigators may gain some hands-on experience on website vulnerability for improving their penetration skills.