Geospatial Security for Web GIS

Practical training to secure ArcGIS/GeoServer/GeoNetwork web GIS stacks—covering threats, hardening, SSO, and data protection from design to operations.

Overview Curriculum
Web GIS security training overview – GeoSecure Tech

Course Overview

Web GIS has transformed how spatial data is shared for planning, response, and operations—but greater reach also introduces cyber risk. This training builds the skills to identify vulnerabilities, harden platforms, implement modern identity, and protect sensitive geospatial data across the full lifecycle.

  • Understand common Web GIS attack vectors and misconfigurations.
  • Apply access control and encryption for data in transit/at rest.
  • Integrate SSO (SAML/OIDC with Keycloak) for ArcGIS & Geo apps.
  • Adopt secure coding & deployment practices for GIS services.
  • Map risks to governance & compliance requirements.

Who Should Attend

GIS admins, DevOps/IT engineers, security analysts, solution architects, and developers building or operating ArcGIS/GeoServer/GeoNetwork/Leaflet/MapLibre apps.

  • ArcGIS Enterprise / Portal administrators
  • Security & compliance teams working with spatial data
  • Web GIS developers and platform engineers

Learning Outcomes

  • Assess and prioritize Web GIS security risks.
  • Harden ArcGIS/GeoServer/GeoNetwork & secure service endpoints.
  • Configure SSO with Keycloak (SAML/OIDC) for GIS portals & apps.
  • Implement logging, monitoring, and incident response basics.
  • Create a practical hardening & rollout checklist for your org.

Curriculum at a Glance

1) Threats & Fundamentals

Web GIS attack surface, data privacy, threat models, and security posture baseline.

2) Platform Hardening

ArcGIS Enterprise/Portal, GeoServer & GeoNetwork configuration, service security, REST directory exposure.

3) Identity & SSO

Keycloak setup, SAML/OIDC flows, role mapping, app/client configs, token hygiene.

4) Data Protection

TLS, secrets, at-rest encryption options, access control, least privilege, shared data risks.

5) Secure Coding & APIs

Service tokens, CORS, input validation, rate limits, audit trails, dependency hygiene.

6) Ops, Monitoring & IR

Logging, dashboards, alerting, backup/restore, tabletop exercises, response playbooks.

Format & Prerequisites

  • Instructor-led (virtual or onsite), hands-on labs and case studies.
  • Audience: intermediate; basic GIS/web familiarity recommended.
  • Lab stack: ArcGIS Enterprise/Portal or GeoServer/GeoNetwork, Keycloak, TLS, sample services.
Need a private cohort or custom modules (e.g., cloud/IaC)? We tailor content to your environment.

Schedule & Registration

Upcoming public cohorts and private bookings available.

View Dates & Register Ask about a private cohort
Powered by GeoSecure Tech training practice.

Want this training tailored to your platform?

We can align labs with your ArcGIS/Keycloak setup and security goals.

Talk to an expert