In the case of web security, the administrator usually prepares a large list of attack vectors when perform security testing. Some well-known free vulnerability scanning tools use a list of out-of-the-box attack vectors, while others generate attack vectors based on a known attack syntax format. Although this approach can save a lot of time and labor costs, it is able to only test problems which have been identified, and sometimes the success rate is not high. To increase the efficiency of security testing, we will try to increase the diversity of attack vectors to uncover more vulnerabilities. Therefore, we proposed an automatic security testing system by using artificial intelligence techniques. With the powerful search ability of artificial intelligence for unknown areas, it has the ability to generate pseudo-data features out of thin air so that the attack vectors can be learned and generated. We can take advantage of that to make a second choice to test the website for the administrator.