<![CDATA[The research focuses on improving the security of information systems in ABC City, specifically on the XYZ website application developed by the Communication and Informatics Office ABC to assist in governmental administration and manage various critical data. This study is motivated by the high incidence of cybersecurity threats in the governmental administration sector, as reported by Badan Siber dan Sandi Negara in November 2023. The primary objective of this research is to identify security vulnerabilities within the XYZ website application. The research employs the Information Systems Security Assessment Framework (ISSAF) as the primary security testing framework and the OWASP Web Security Testing Guide (WSTG) version 4.2 as the guide for the penetration testing phase, one of the stages in ISSAF for validating vulnerabilities. Validated vulnerabilities are further assessed for severity using the OWASP Risk Rating guidelines to estimate the risk and impact of potential attacks on the Communication and Informatics Office ABC. The research methodology uses a black-box testing approach. To ensure a structured approach, it provides security recommendations using the SMAACT method. This research includes a report on the identified vulnerabilities and recommendations that the Communication and Informatics Office ABC can implement to address these vulnerabilities. The findings of this study are expected to provide insights into existing security vulnerabilities within the website application and practical recommendations for improvement, benefiting both the practical context of enhancing information security at the Communication and Informatics Office ABC and the theoretical context as a reference for similar future research.]]>
