Locate a any website organization. Next, perform some security reconnaissance to find out as much information as you can about the website. Things to consider might include:
HTML/scripting languages used, and
Are there any submission forms where perhaps an SQL injection attack could be attempted?
What web server software is the site using? (Hint: try using a website such as www.netcraft.com to determine the technologies powering that website).
Utilize Whois style searches to garner footprint and potential information for an attack.