how can test my website(asp) from Vulnerabilities (OWASP ATTACKS) without program because it doesn't have IP address.
Host it on Local IIS for example. Then access it through the localhost. In case of using ZAP Tool rember to set it for a browser: ZAP Tool you can also use Fiddler4. I recommend ZAP :)