The development of the world of computers, the internet and web technology is so rapid that it has penetrated all areas of people's lives. The increasing number of internet service users means that more and more information can be found online. Many individuals are aware of how the information they provide can be used, and organizations are increasingly aware of information security risks that can have negative impacts. Losing important documents can affect business processes, an organization's image, customer trust, and relationships with their business partners. This incident also occurred at PT. Sadikun Niagamas Raya as a subsidiary of PT. Pertamina.

The purpose of this research is to test the security of the www.sadikun.com web domain against attacks from outside parties and convert the penetration testing results into an understandable report.

The method used in this research is the Penetration Testing method with several steps starting from Star, searching for information, scanning, testing possible security gaps, creating a test report until completion.

The results obtained from this research are that 3 security gaps were found, including scripts that can be inserted and executed in the search column, usernames and passwords that can be accessed in the database due to the ID parameter in the URL being vulnerable to sqlinjection attacks, the database can be downloaded via the URL caused by a configuration error on the server side. Based on the OWASP framework which lists the 10 most common web application security vulnerabilities that have the potential to harm PT. Sadikun Niagamas Raya.