PTES-Based Security System for Personal Data Protection of Rural Area Websites
Keywords:
Information System Security, Penetration Testing Execution Standard, Two-Factor Authentication, One-Time Password, Brute Force Prevention
Abstract
The use of digital systems like XYZ for managing data in rural areas plays a critical role in improving the efficiency and effectiveness of development programs. This study investigates security weaknesses in the login system of the XYZ platform through a structured penetration testing approach, guided by the Penetration Testing Execution Standard (PTES). A mockup environment was developed using tools such as Visual Studio Code, XAMPP, MySQL, PHPMailer, Twilio, and Hydra to safely simulate attacks without affecting the live system. The assessment revealed that the platform relies solely on password-based authentication, making it highly vulnerable to brute-force and hybrid attacks, especially when users use weak or outdated passwords. These vulnerabilities pose serious risks to the confidentiality and availability of sensitive user data. To mitigate these threats, the study proposes implementing two-factor authentication (2FA), one-time passwords (OTP), account lockout mechanisms, and brief delay periods after failed login attempts. These measures were tested in the mockup environment, and the results showed a significant improvement in system security, with all attack simulations failing to gain access. This research contributes to the broader discourse on cybersecurity in rural informatics by offering practical recommendations for securing digital public service platforms. It emphasises the importance of layered authentication mechanisms and proactive testing to prevent unauthorised access and data misuse, ensuring that community information systems remain both resilient and trustworthy.
Versions
- 2025-08-04 (2)
- 2025-06-08 (1)



