Penetration Testing/IT Security Assessment LBFTA's Website

In March 2026, I had the opportunity to be directly involved in one of the most insightful technical activities in my journey as an IT Support and Public Communication staff at BPOLBF—a Penetration Testing (Pentest) / IT Security Assessment (ITSA) for the LBFTA’s website.

The activity took place in Bandung from March 8–14, 2026, and was supported by the Computer Security Incident Response Team (CSIRT) team from the Ministry of Tourism of Indonesia. For me personally, this wasn’t just another technical assignment—it was a real-world learning experience that reshaped how I see digital infrastructure, cybersecurity, and responsibility in the tourism sector.

Understanding Security from the Outside In

The testing process used a method known as Black Box Testing.

In simple terms, this method simulates how an external attacker would interact with a system—without any knowledge of its internal structure, codebase, or architecture. Everything is tested purely from the outside, just like how real-world cyber threats operate.

As someone who usually works on the operational and support side of systems, seeing our platform tested this way was both exciting and eye-opening.

It reminded me of one important truth:

A system is not truly secure just because it works well internally—it must also withstand external pressure.

Discovering Vulnerabilities: A Necessary Process

During the vulnerability scanning process, several cybersecurity notes and findings were identified.

Rather than seeing these findings as weaknesses, I see them as valuable checkpoints—a necessary part of building a stronger and more resilient system.

In the world of IT, especially in public-facing platforms like tourism websites, security is never “done.” It is an ongoing process of:

• testing
• learning
• improving
• and adapting

This experience made me realize that even small gaps can become critical if left unaddressed.

Where Tourism Industry Meets Technology

Working at LBFTA (Labuan Bajo Flores Tourism Authority), I often see tourism from the perspective of promotion, storytelling, and destination branding.

But this experience reminded me that behind every tourism platform, there is a layer of technology that must be secure, reliable, and trustworthy.

A tourism website is not just a digital brochure. It is:

• a source of information
• a representation of credibility
• and a gateway for global audiences

Which means—security is part of the visitor experience.

A Personal Reflection as an IT Enthusiast

As someone who considers myself an IT enthusiast, being part of this activity was incredibly meaningful.

It pushed me to think beyond daily technical tasks and see the bigger picture:

• How secure is the system I help maintain?
• How prepared are we for potential cyber threats?

This experience in Bandung was not just about identifying vulnerabilities—it was about building awareness, responsibility, and a mindset of continuous improvement.

I believe activities like Pentest and ITSA should not be seen as optional, but as essential practices—especially for institutions that manage public information and digital services.

Because in the end, technology is not only about building systems—
it’s about protecting them, improving them, and ensuring they serve people in the best way possible.

—

Engel Vione
IT Support Specialist & Public Communication Officer
Labuan Bajo Flores Tourism Authority
Ministry of Tourism of the Republic of Indonesia