Higher Education has been using web-based academic information system, for all academic administration process in this academic system such as study plan, academic transcipt, lecturers and Curriculum and student data. So that required maintenance in database and system management whith well-maintained and scheduled. It is necessary to apply the system to determine the level of vulnerability in order to avoid attacks from irresponsible parties. OWASP (Open Web Application Security Project) is one of the methods for testing the web-based applications released by owasp.org. Using OWASP may indicate that authentication management, authorization and session management.The STMIK Jakarta website often has problems on the web and the loss of some important data that interferes with lectures. At the end of 2016, around September when preparing for the first semester of the Study Plan, the website experienced programmed data loss, consequently the academic system was disrupted. The STMIK Jakarta has used a web-based academic information system, for all academic administrative processes such as study plans, academic transcripts, lecturers, curriculum and student data.This system requires data base and system management. It is important to implement a security system to determine the level of vulnerability to avoid attacks from irresponsible parties. OWASP (Open Web Application Security Project) is one method for testing web-based applications released by owasp.org. The results of the research have been carried out with the results reaching around 90% management authentication, authorization, and session management not being implemented properly.