JURNAL ELEKTRO DAN INFORMATIKA SWADHARMA (JEIS)
Vol 6, No 1 (2026): JEIS JANUARY 2026 EDITION (IN PROGRESS)

EVALUATION OF VULNERABILITY TESTING OF A UNIVERSITY WEBSITE IN SURABAYA USING THE OWASP TOP 10 WITH A BLACK-BOX APPROACH

Firdaus, Dimaz Aidil (Unknown)
Al Abiyyu, Mochammad Hasnan (Unknown)
Darmawan, Ahmad Ghozi (Unknown)
Amrozi, Yuzuf (Unknown)



Article Info

Publish Date
18 Mar 2026

Abstract

Advances in web technology drive the need for digital system security, including academic websites that are vulnerable to cyberattacks. This study aims to analyze the vulnerabilities of a university website in Surabaya using the OWASP Top 10 standards and black-box penetration testing. Testing was conducted by analyzing HTTP configuration, SSL/TLS, malware, DNS, and email security. The results indicate dominant vulnerabilities in the Security Misconfiguration and Security Logging and Monitoring Failures categories, with an F grade for HTTP security headers, support for legacy TLS protocols, and the absence of SPF and DMARC. Thirty-seven potential malware files were also identified. Key recommendations include system updates, enhanced security configurations, and the implementation of email authentication policies to improve the cyber resilience of academic websites.

Copyrights © 2026






Journal Info

Abbrev

jeis

Publisher

Subject

Computer Science & IT

Description

Jurnal Elektro dan Informatika Swadharma is a scientific journal published by LPPM ITB Swadharma. The journal contains scientific research papers on the topics of Electronics, Robotics, Automation, Artificial Intelligence, Blockchain Technology, Cloud Computing, Computer Architecture, Computer ...