The development of information technology in computer networks is growing very rapidly and flexibly. The internet is a computer network that is commonly used because of its ease of access. This will pose a risk to the distribution of private information. Along with the rapid development of this technology, the threats and disruptions to the performance of this technology become greater. Therefore, it is necessary to test security gaps, because the strength and weakness of the security system will have a direct impact on the sustainability of the vocational school. By using the WSTG Version 4.2 testing method you can apply detailed testing. The test results are adjusted to the OWASP Top 10, which contains a list of vulnerabilities so that conclusions can be drawn from the test results that have been carried out. Based on the results of penetration testing using the WSTG method (Web Security Testing Guide) Version 4.2, results can be obtained that there are dangerous security gaps based on the OWASP TOP 10, including: Broken Access Control, Injection, Insecure Design, Security Misconfiguration, Vulnerable and Outdated Components, Identification and Authentication Failures. The results of this vulnerability analysis can help system managers and developers to be aware of the risks that may occur so they can take action to prevent and overcome these risks.