This study presents mini penetration testing assessment conducted on the Human Resource Management System (HRMS) hosted at https://hrms.tic.gov.tl. This assessment aims to evaluate the security level of the system by considering the aspects of Confidentiality, Integrity, and Availability (CIA) through several processes, including reconnaissance, vulnerability scanning, and security configuration analysis. The assessment process was conducted using various automated security tools such as Nuclei, Nmap, Subfinder, and Acunetix to identify potential security weaknesses within the web application environment. The testing activities were conducted on November 2025 using passive and semi-active approaches without exploitation activities, in accordance with ethical considerations, organizational authorization, and operational security boundaries. The assessment identified several Low and Informational findings related to missing security headers, insecure cookie configurations, and weak client-side security settings. Although no High or Critical vulnerabilities were identified, the findings should not be interpreted as evidence that the system is fully secure because the assessment scope did not include exploitation or internal infrastructure testing. The results indicate that additional hardening, preventive controls, and continuous security governance mechanisms are still necessary to strengthen the overall security posture of the HRMS environment. Recommendations based on ISO/IEC 27001, Zero Trust principles, and Web Application Firewall protection are proposed to improve organizational cybersecurity resilience.