The major IT developments lead to speed and mobility elevation of information access. One of them is using the website to share and gather information. Therefore, the mobility and information disclosure create a harmful vulnerability. Which is the leakage of information, whether organizational or sensitive information, such as bank accounts, phone number and many more. Security testing is necessarily needed on website usage. One of the website security testing method is penetration testing. Supporting framework that can be used in this method is OWASP Testing Guide Version 4. OTG Version 4 has 11 stages cover all aspects of website protection and security. Security testing is nicely done using tools / software. Tools with the concept of OSINT (Open Source Intelligence) are used to get better access and availability by using the characteristics of open source. The IT risk assessment analysis carried out by ISO 31000 framework and based on the results that have been obtained through penetration testing with OWASP framework. Significance & values of this research is finding the best and effective way to making IT risk management guidelines along with the combination of with OWASP & ISO 31000 framework, by doing website security assessment with penetration testing method based on OWASP framework to get the system vulnerabilities and analyze the risks that appears with the ISO 31000 framework. Also, the IT risk management guidelines consist of system improvement recommendations along with evaluation report which obtained from the collaboration analysis the OSINT concept, penetration testing methods, OWASP and ISO 31000 framework.

The application of technology in various fields makes mobility even higher, one of them is by making a website for exchange and manage information. However, with information disclosure causing security and protection issues to be considered. One of the website security techniques can be done by using the penetration testing method to know the vulnerability of the system. This study will implement tools with the Open Source Intelligence concept, namely Maltego as a medium for conducting security testing and using the OWASP version 4 framework as a standardization of steps taken when security test goes on. This study will focus on information gathering security testing of important factor of the X Company's website. The results of testing and analysis with the OWASP version 4 framework with the Testing for Information Gathering module show that the web application system used by X Company has information vulnerability of the used web server version, GET and POST requests, URL systematics, website framework, website builder component, and the outline of the website architecture. The researcher gave several recommendations related to the vulnerability of the website which later can be used by X Company website administrators to improve website security and protection.