<![CDATA[Universities, as educational institutions, are potential targets of cyber attacks. This is inevitable problem, one of which the University of Papua (UNIPA). The purpose this research is to find the security gaps the UNIPA website based on OWASP ID in 2021 and implement mitigation. Type of research is quantitative research with Vulnerability Assessment and Penetration Testing Life Cycle (VAPT) method. The VAPT method in research goes through five stages, namely scope, information gathering, vulnerability assessment, risk assessment, and reporting. The object of research is UNIPA website. Data collection uses primary data, the results of scanning the Zed Attack Proxy (ZAP) application. Data obtained from alerts ID, alerts, risk, and OWASP ID as information on vulnerability of UNIPA website. Research data analysis using OWASP ID. The results our findings, the vulnerability of UNIPA website is influenced by two factors, website security weaknesses and user negligence. Vulnerabilities with alerts ID A1, A2, A3, A4 A5, and A6 are a group website security weaknesses. The solution, vulnerabilities need utilize special systems such as anti-CSRF, CSP, CDN, Strict-Transport-Security Header, and timestamp checking so that the website is proportional. Meanwhile, the vulnerability with alerts ID A7 is a classification of user negligence. The solution is users must use the latest version of the browser. Browsers with latest version have X-Content-Type-Options: nosniff security mechanism to prevent sniffing attacks.]]>
