Technological advancements have positively impacted various fields, including the Internet. Awareness of system security has become a crucial concern for application developers. Protecting networks from disruptions or hacker attacks can be achieved through self-testing methods, such as Penetration Testing (Pentest). This research conducts a penetration test on the mail server domain, mail.umtk.sch.id, using the tools OWASP Zap and Acunetix. The results of this testing reveal the detection of 9 vulnerabilities and based on the OWASP Top 10 2017 vulnerability categories, five categories were identified: Broken Authentication, Sensitive Data Exposure, Broken Access Control, Security Misconfiguration, and Using Components with Known Vulnerabilities