As web digital technology advances rapidly, threats to web applications such as hacking, data leaks, and exploitation of web application vulnerabilities are becoming increasingly complex and diverse. Unaddressed security vulnerabilities may result in critical information disclosure, unauthorized data manipulation, and disruption to system operations. This study employs penetration testing with the latest OWASP ZAP version 2.17.0 as the primary security testing tool to perform a systematic vulnerability assessment on the official website of Universitas Widya Dharma Pontianak, with the OWASP Top 10 2025 framework utilized as the benchmark for vulnerability classification and categorization. This study is aim to identify security vulnerabilities that’s undetected on the website, which can open up opportunities for attackers to attack the university's official website, as well to improve the security of the university website. The results show that there are 17 security vulnerabilities, comprising one high category vulnerability, six medium category vulnerabilities, six low category vulnerabilities, and four informational category vulnerabilities. The most frequently found vulnerability category identified was A02 Security Misconfiguration. This study concludes that the OWASP ZAP tool is effective in identifying previously undetected security vulnerabilities, while the OWASP Top 10 2025 framework makes it easier to categorize the security vulnerabilities found on the website.
Copyrights © 2026