<![CDATA[In the growing digital era, website security is a critical aspect that must be considered. Vulnerabilities such as Cross-Site Scripting (XSS), Clickjacking, and Man-in-the-Middle can pose serious risks to data integrity and security. Therefore, effective tools are needed to identify and evaluate such vulnerabilities to prevent costly exploitation. This research aims to analyze security vulnerabilities on the website using OWASP ZAP (Zed Attack Proxy) as a penetration testing tool, and provide mitigation recommendations to improve system security. The method used is penetration testing by utilizing OWASP ZAP to identify security vulnerabilities on the website. The research stages include testing, analyzing the results, and preparing mitigation recommendations based on the findings of vulnerabilities such as A01, A03, and A04. The results showed that OWASP ZAP successfully identified various vulnerabilities, including XSS, Clickjacking, and Man-in-the-Middle. Recommended mitigation measures include configuring security headers and protecting sensitive data to prevent exploitation. OWASP ZAP proved to be effective in detecting and evaluating security vulnerabilities on websites. In addition, the tool also raises awareness of the importance of strong security policies. With the implementation of mitigation recommendations, website owners can better protect sensitive data, maintain user trust, and stay safe in an increasingly complex digital environment.]]>
