The website is a collection of information services that function as a means of interaction either individually, in groups, or in organizations. The benchmark that makes a website good is a website that has a high level of security so that it can provide comfort for its users. Therefore all agencies try to provide the best through websites that are used as information services, one of which is the Super Indo Company. However, in the running process, there are disturbances on the website, such as bugs found and the absence of security standards applied to the website. The purpose of this research is to find alerts so that bugs are identified using the OWASP ZAP application and to find out the level of security applied to websites using the COBIT 5 standard or method. The results obtained from all activity processes get a capability level value of 3.42 or at the Established process level (a management process). The Super Indo company is already at a fairly good level in the website development process

Ranitania, A., & Fahmi, A. Analisis Tata Kelola Proses Layanan Keamanan Kegiatan E-Procurement Pada Lpse Provinsi Jawa Tengah Berdasarkan Kerangka Kerja COBIT 5. 1–7. 2015.

Pasha, D., Priandika, A. thyo, & Indonesian, Y. Analisis Tata Kelola It Dengan Domain Dss Pada Instansi Xyz Menggunakan Cobit 5. Jurnal Ilmiah Infrastruktur Teknologi Informasi, 1(1), 7–12. 20220.

Riadi, I., & W, A. Y. Y. Analisis Keamanan Website Open Journal System Menggunakan Security Analysis Open Journal System Website Using. Jurnal Teknologi Informasi Dan Ilmu Komputer (JTIIK), 7(4), 853–860. 2020.

Rahayu, T., Matondang, N., & Hananto, B. AUDIT SISTEM INFORMASI AKADEMIK. 2020.

Yunanri.W, Doddy Teguh Yuwono, Rodianto, Y. Deteksi Serangan Vulnerability Pada Open Jurnal System Menggunakan Metode Black-Box. Jire (Jurnal Informatika & Rekayasa Elektronika, 4(1), 68–77. 2021.

Z. Yang, “A NEW METHOD FOR VULNERABILITY ANALYSIS AND APPLICATION IN RURAL DWELLINGS,” 2019 Symp. Piezoelectrcity,Acoustic Waves Device Appl., no. 1, pp. 1–4, 2019.

A. Mendoza and G. Gu, “Mobile Application Web API Reconnaissance : Web-to-Mobile Inconsistencies & Vulnerabilities,” 2018 IEEE Symp. Secur. Priv., pp. 756–769, 2018.

J. Hu et al., “A Memory-Related Vulnerability Detection Approach Based on Vulnerability Features,” vol. 25, no. 5, pp. 604–613, 2020.

A. Schr and N. Bettenburg, “Do Stack Traces Help Developers Fix Bugs?”. pp. 118–121,2010.

E. Crifasi, S. Pike, and Z. Stuedemann,“Cloud-Based Source Code Security andVulnerabilities Analysis Tool for C / C ++ Software Systems,” 2018 IEEE Int. Conf. Electro/Information Technol., pp. 651–654, 2018.

M. Almousa, N. C. A, and T. State, “Predictive Analytics,” 2019 17th Int. Conf. Privacy,Secur. Trust, pp. 1–3, 2019.

A. Alzahrani, A. Alqazzaz, H. Fu, and N. Almashfi, “Web Application Security Tools Analysis,” 2017.

R. A. Khan, “Evaluating Performance of Web Application Security Through a Fuzzy Based Hybrid Multi-Criteria Decision-Making Approach: Design Tactics Perspective,” vol. 8, 2020.

S. Tyagi, “Evaluation of Static Web Vulnerability Analysis Tools,” 2018 Fifth Int. Conf. Parallel, Distrib. Grid Comput., pp. 1–6, 2018.

A. Shukla, B. Katt, and L. O. Nweke, “Vulnerability Discovery Modelling With Vulnerability Severity,” 2019.

L. K. Shar, D. Bianculli, L. Briand, and J. Thom, “An Integrated Approach for Effective Injection Vulnerability Analysis of Web Applications through Security Slicing and Hybrid Constraint Solving,” vol. 5589, no. c, pp. 1–33, 2018.