EVALUATION OF VULNERABILITY TESTING OF A UNIVERSITY WEBSITE IN SURABAYA USING THE OWASP TOP 10 WITH A BLACK-BOX APPROACH

Dimaz Aidil Firdaus, Mochammad Hasnan Al Abiyyu, Ahmad Ghozi Darmawan, Yuzuf Amrozi

Abstract


Advances in web technology drive the need for digital system security, including for academic websites, which are vulnerable to cyberattacks. This study analyzes the vulnerabilities of a university website in Surabaya against the OWASP Top 10 standard using black-box penetration testing. Testing covered HTTP configuration, SSL/TLS, malware, and DNS and email security. The results show that the dominant vulnerabilities fall into the Security Misconfiguration and Security Logging and Monitoring Failures categories, with an F grade for HTTP security headers, support for legacy TLS protocols, and the absence of SPF and DMARC records. Thirty-seven potential malware files were also identified. Key recommendations include system updates, hardened security configuration, and the implementation of email authentication policies to improve the cyber resilience of academic websites.



DOI: https://doi.org/10.56486/jeis.vol6no1.1010


Copyright (c) 2026 Dimaz Aidil Firdaus, Ahmad Ghozi Darmawan, Mochammad Hasnan Al Abiyyu, Yuzuf Amrozi

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
