The use of information technology in the field of education has become a necessity to increase effectiveness and efficiency in an educational organization. As an organization those who implement information technology are supposed to meet information security needs according to existing standards. Confidentiality, integrity, availability or commonly called CIA Triads are one security model that can be used as a standard for designing security information on an organization. The VAPT (Vunerability Assessment & Penetration Testing) method is methods that can be used to assess and test existing security vulnerabilities. Assessment and testing will be carried out on the MoU web application of the XYZ educational institution. Security vulnerability searches are performed using the Nessus tool. Results from searching for security vulnerabilities will be used in the testing phase of the attack simulation to determine the impact. Research result will be used as a report to the relevant parties for the evaluation process of the MoU web application.