The Academic Information System of University Muhammadiyah of Purwokerto is a system that regulates and manages all student academic data. Of course, the academic data is very important and needs to be safeguarded. To find out the level of security of the academic information system, security testing is needed in order to find out the security gap and as an improvement material to make the Academic Information System of the Muhammadiyah University of Purwokerto better. This research phase is based on qualitative methods and uses the website maturity model (SSE-CMM) by using several tools in the form of software and by using the National Institute of Justice (NIJ) Method. Then the tools used in this test are Acunetix Web Vulnerability, Netsparker, Nessus, Havij Pro. The results of the Academic Information System Security Test at Muhammadiyah University of Purwokerto with Acunetix Web Vulnerability found 38 types of vulnerabilities, with Netsparker found 8 types of vulnerabilities, and with Nessus found 17 types of vulnerabilities. Furthermore, this information system is also not vulnerable to SQL Injection, Deface and DDoS attacks.