This research examines the security of the Employee Management Information System (SIMPEG) at UIN Ar-Raniry Banda Aceh using the OWASP Web Security Testing Guide (WSTG) framework. The aim of this study is to identify and address potential security vulnerabilities within the system. The research is divided into three phases: identifying the issues, performing grey-box penetration testing with a focus on client-side testing as outlined in OWASP WSTG, and reporting the findings using the WSTG Checklist. The testing results revealed that out of the thirteen tests conducted, one vulnerability related to Cross Origin Resource Sharing (CORS) was discovered. This study concludes that the SIMPEG system at UIN Ar-Raniry Banda Aceh demonstrates a good level of security, though further improvements are necessary to address the identified issues. Recommendations for enhancing the security of SIMPEG include continuous testing and updates to address emerging threats.