SUMMARY
The website is needed as source of information which presented in a modern way that can be widely distributed. XYZ website displays information related to profiles, information sanggar Tari in Yogyakarta. Data security needs are reviewed from the need for data protection, loss and damage. XYZ website security is not well considered, this triggers the need to know the various risks of attacks and data weaknesses on the website. Research methods using the Open Web Application Security Project (OWASP) by utilizing software tools called OWASP Zed Attack Proxy (ZAP) are used to test data and information security on a website. This application conducts penetration tests (pentest) to determine the gap in the risk of data vulnerabilities in a website. The pentest results from the XYZ website get 11 data security vulnerabilities. A risk rating is used to determine the vulnerability detection value on xyz website. The assessment results of 11 vulnerabilities get 9 security gaps with Medium level and 2 gaps with Low level. These results are used to take decisions and actions to prevent and address security risks. The Medium level vulnerability category obtained 7 strategies that can be used to improve website security.