Information technology is growing rapidly alongside its users. One of the uses of information technology is websites, which have been widely adopted by various parties, including XYZ University, utilizing them for academic and internal purposes. One such website at the university is used for attendance tracking during practical sessions in the Faculty of XYZ. However, technological advancements have also brought an increase in security attacks on websites by unauthorized entities. Therefore, a vulnerability assessment was conducted using the Vulnerability Assessment and Penetration Testing (VAPT) method, employing automated scanning tools such as Nessus, Burpsuite, and OWASP ZAP to identify vulnerabilities in the website. During the testing, 27 security vulnerabilities were found and consolidated into 9 issues for exploitation and mitigation. Eventually, 4 out of the 9 security vulnerabilities were successfully mitigated.