<![CDATA[In today’s digital era, ensuring website security is crucial, especially in the education sector which is frequently targeted by cyber attacks. This research aims to test security of the Universitas Internasional Batam (UIB) website using OWASP ZAP and Nessus. The method will be used in this research was vulnerability assessment. It will involve gathering information with the tools such as, Nmap, whois and nslookup. OWASP ZAP detected 11 vulnerabilities, categorized into 6 medium level and 5 low level, including Content Security Policies (CSP) and anti-clickjacking headers. Otherwise, Nessus only detected one medium level vulnerability, the absence of HTTP Strict Transport Security (HSTS). The difference in detection results from the tools that OWASP ZAP is better at finding web application weakness that are consistent with the OWASP Top Ten 2021, while Nessus specifically targets server and network configuration. For educational institutions, these results emphasize the importance of conducting regular vulnerability assessment to protect sensitive data. Recommended action include implementing CSP to prevent Cross-site scripting (XSS) and other injection attacks, enforcing HSTS to secure communication, and its recommend to updating software to mitigate the unknown vulnerabilities. By adopting these measures, institutions can reduce their exposure to cyber attacks, its also can maintain user trust, and strengthen overall security. This research provides a pratical framework for stregthening the security of educational websites against evolving threats. These findings highlight that the importance of using multiple tools can provide a more comprehensive view of security gaps.]]>
