Penetration Testing Website E-Journals Metode NIST SP 800-115 dan OWASP
Mifthahuddin, Mifthahuddin; Setyadi, Hario Jati; Ibrahim, Muhammad Rivani
METIK JURNAL (AKREDITASI SINTA 3) Vol. 9 No. 1 (2025): METIK Jurnal
Publisher: LPPM Universitas Mulia

DOI: 10.47002/metik.v9i1.1030

Abstract

The development of information technology has encouraged the digitization of scientific publications through e-journals, which facilitate online access to and distribution of scientific papers. Mulawarman University uses Open Journal Systems (OJS) as its publication platform but still relies on version 2, which has several security gaps. This research aims to analyse the level of security vulnerabilities on the e-journals website of Mulawarman University using a penetration testing method based on NIST SP 800-115 and the OWASP Top 10 2021 parameters. The method comprises four main stages: planning, discovery, attack, and reporting. Testing was conducted using various tools to identify and validate security holes. The results found 27 vulnerabilities, consisting of 1 high risk, 6 medium risk, 13 low risk, and 7 informational. The main vulnerabilities that were successfully validated include Cross-Site Scripting, Clickjacking, Session Hijacking, Information Disclosure, and Cross-Site Request Forgery. These findings indicate significant weaknesses in access control, security configuration, and session management. Each vulnerability was analysed to understand its impact on data integrity and confidentiality. The proposed remediation recommendations include strengthening security header configuration, validating input and output, and removing unnecessary system information. This research provides empirical insight into specific vulnerabilities in OJS version 2 at Mulawarman University, which has never conducted penetration testing with a framework using international standards; this is an original contribution to efforts to improve the security of academic publication systems.