At this time in the rapid development of technology, there must be advantages and disadvantages of a system or technology that was created. Within the scope of the website, there are also many security holes that irresponsible parties can enter. The state of the website at the Telkom Purwokerto Institute of Technology, both University and Faculty websites, already uses Hypertext Transfers Protocol Secure (HTTPS). This study used the Information System Security Assessment Framework (ISSAF) and Open Web Application Project (OWASP) frameworks with the Penetration Testing method. This study aims to determine vulnerabilities on the website s1if.ittelkom-pwt.ac.id. The result of performing vulnerabilities is several vulnerabilities to the Institut Teknologi Telkom Purwokerto (ITTP) Informatics Study Program website, including not updating jquery on the ITTP website. Ten tests have been carried out, five tests using ISSAF and five tests using OWSP version 4. When performing vulnerabilities in the ISSAF framework, found robots files.txt on the S1 Informatics website which is quite crucial for s1if.ittelkom-pwt.ac.id website which contains an exploitable sitemap. 

Alfidzar, H., & Zen, B. P. (2022). Implementasi HoneyPy dengan Malicious Traffic Detection System (Maltrail) Menggunakan Analisis Deskriptif guna untuk Mendeteksi Serangan DDOS pada Server. Journal of Informatics Information System Software Engineering and Applications (INISTA), 4(2), 32–45. https://doi.org/10.20895/inista.v4I2.534

Bastian, A., Sujadi, H., & Abror, L. (2020). Analisis Keamanan Aplikasi Data Pokok Pendidikan (Dapodik) Menggunakan Penetration Testing dan SQL Injection. Infotech Journal, 6(2), 65–70. https://doi.org/10.31949/infotech.v6I2.848

Bolanio, J. B., Paredes, R. K., Yoldan, J. A. L., & Acapulco II, R. E. (2021). Network Security Policy for Higher Education Institutions based on ISO Standards. Mediterranean Journal of Basic and Applied Sciences, 5(1), 1–17. https://doi.org/10.1016/S1353-4858(10)70039-8

CNN Indonesia. (2022, January 20). Sistem Keamanan Siber BI Ditembus, Berikut Data yang Dicuri. Retrieved November 8, 2022, from https://www.cnnindonesia.com/teknologi/20220120175527-185-749252/sistem-keamanan-siber-bi-ditembus-berikut-data-yang-dicuri

Dharma, M. A. J. (2005). DOS, DDOS & Cara Penanggulangannya. Universitas Sriwijaya. https://fdokumen.com/document/dos-denial-of-service-halaman-utama-viewbisa-di-tebak-situs-yang.html?page=1

Darmawan, B. I. (2019). Simulasi dan Analisis Encryption Based Ransomware untuk Memetakan Evolusi Ransomware. Universitas Islam Indonesia, Yogyakarta.

Dirgahayu, R. T., Prayudi, Y., & Fajaryanto, A. (2015). Penerapan Metode ISSAF dan OWASP Versi 4 untuk Uji Kerentanan Web Server. Network Engineering Research Operation, 1(3), 190–197. https://doi.org/10.21107/nero.v1I3.29

Ghafir, I., Saleem, J., Hammoudeh, M., Faour, H., Prenosil, V., Jaf, S., … Baker, T. (2018). Security Threats to Critical Infrastructure: the Human Factor. Journal of Supercomputing, 74, 4986–5002. https://doi.org/10.1007/s11227-018-2337-2/tables/1

Haeruddin, & Kurniadi, A. (2021). Analisis Keamanan Jaringan WPA2-PSK Menggunakan Metode Penetration Testing (Studi Kasus: TP-Link Archer A6). Conference on Management, Business, Innovation, Education and Socal Sciences, 508–515. Batam: Universitas Internasional Batam.

Hidayatulloh, S., & Saptadiaji, D. (2021). Penetration Testing pada Website Universitas ARS Menggunakan Open Web Application Security Project (OWASP). Jurnal Algoritma, 18(1), 77–86. https://doi.org/10.33364/algoritma/v.18-1.827

Mulyanto, Y., Haryanti, E., & Jumirah. (2021). Analisis Keamanan Website SMAN 1 Sumbawa Menggunakan Metode Vulnerability Asesement. Jurnal Informatika Teknologi Dan Sains, 3(3), 394–400. https://doi.org/10.51401/jinteks.v3I3.1260

Prasetyo, K. A., Idhom, M., & Wahanani, H. E. (2020). Sistem Pencegahan Serangan Bruteforce pada Multiple Server dengan Menggunakan Fail2ban. Jurnal Informatika Dan Sistem Informasi, 1(3), 709–715. https://doi.org/10.33005/jifosi.v1I3.205

Pratama, I. P. A. E., & Wiradarma, A. A. B. A. (2019). Open Source Intelligence Testing Using the OWASP Version 4 Framework at the Information Gathering Stage (Case Study: X Company). International Journal of Computer Network and Information Security, 11(7), 8–12. https://doi.org/10.5815/ijcnis.2019.07.02

Rochman, A., Salam, R. R., & Maulana, S. A. (2021). Analisis Keamanan Website dengan Information System Security Assessment Framework (Issaf) dan Open Web Application Security Project (Owasp) di Rumah Sakit Xyz. Jurnal Indonesia Sosial Teknologi, 2(4), 506–519. https://doi.org/10.36418/jist.v2i4.124

Samsumar, L. D., & Gunawan, K. (2017). Analisis dan Evaluasi Tingkat Keamanan Jaringan Komputer Nirkabel (Wireless LAN); Studi Kasus di Kampus STMIK Mataram. Jurnal Ilmiah Teknologi Infomasi Terapan, 4(1), 73–82. https://doi.org/10.33197/jitter.vol4.iss1.2017.152

Sanjaya, I. G. A. S., Sasmita, G. M. A., & Arsa, D. M. S. (2020). Evaluasi Keamanan Website Lembaga X melalui Penetration Testing Menggunakan Framework ISSAF. Jurnal Ilmiah Merpati, 8(2), 113–124. https://doi.org/10.24843/jim.2020.v08.i02.p05

Sari, W. P., & Putra, I. N. A. P. (2015). Analisis Serangan Hacker Menggunakan Honeypot High Interaction. Jurnal Tiarsie, 14(1). https://doi.org/10.32816/tiarsie.v14i1.16

Sun, C.-C., Hahn, A., & Liu, C.-C. (2018). Cyber Security of a Power Grid: State-of-the-Art. International Journal of Electrical Power & Energy Systems, 99, 45–56. https://doi.org/10.1016/j.ijepes.2017.12.020

Zen, B. P., Gultom, R. A. G., & Reksoprodjo, A. H. S. (2020). Analisis Security Assessment Menggunakan Metode Penetration Testing dalam Menjaga Kapabilitas Keamanan Teknologi Informasi Pertahanan Negara. Jurnal Teknologi Penginderaan, 2(1), 105–122. https://doi.org/10.5121/csit.2018.81714