Assessing Security Risks in Information Systems through the Utilization of the Open Web Application Security Project (OWASP) Framework


Gusti Ayu Prathita Ananta, Benfano Soewito

Abstract

The proliferation of digital technology has led organizations to rely increasingly on applications to carry out their business activities, which in turn raises the likelihood of cybercrime. To mitigate cybercrime, it is imperative to ascertain the current security state of the IT infrastructure. Multiple frameworks exist for assessing the current security of IT infrastructure. Nevertheless, these frameworks still exhibit deficiencies, as none of them offers a comprehensive explanation of how a security evaluation is carried out. Consequently, the author of this research paper presents a more comprehensive framework for evaluating the existing condition of IT infrastructure. The security evaluation consists of two distinct phases: penetration testing and risk measurement. The first phase uses the Web Security Testing Guide, a penetration testing framework developed by OWASP to enhance the security of web-based applications. The second phase employs the OWASP Risk Rating Methodology, a systematic approach for assessing the anticipated level of risk. The research found 7 vulnerabilities, of which 4 were classified as medium risk and 3 as low risk. The security evaluation is conducted on the vulnerabilities classified as medium risk because of their potential to cause losses and harm to IT infrastructure, and it takes the form of recommendations for improvement. These recommendations are expected to serve as a guide for enhancing the security of IT infrastructure in the future.
