As one of the universities in Palembang City, XYZ University has its own web server that functions as an information system in the academic and financial activities of its users. Testing of security systems on information systems needs to be done, web server security is very important to avoid destruction, data theft, data manipulation, and so on. In this study, the OWASP framework and the ISSAF framework were used and then the two methods were compared. The results of this study found several security holes that have been recommended to developers and successfully repaired. There needs to be a comprehensive improvement starting from server configuration, sanitization improvement of character input filters from users, installation of Intrusion Detection System and Intrusion Prevention System.