Possible security focus in the future: analysis of security issues in GIS and gis

Possible security focus in the future: analysis of security issues in GIS and gis

I have posted this article to my blog and hope more people can see it.

Possible security focus in the future: analysis of security issues in GIS

Citation: in recent years, industrial control security problems have gradually become a concern. At the same time, GIS security problems may become a major security focus in the future. This article will briefly describe the content of GIS in geography, and focus on the analysis of Web security and other issues of GIS systems. It is hoped that this article will play a role in attracting more security personnel, developers and users of GIS systems can pay attention to this field.

1. interpreting GIS
GIS (Geographic Information System) is a type of Geographic Information technology. It is widely used in different fields in combination with geography and computer science, GIS is a computer-based system used to input, store, query, analyze, and display geographical data. It can analyze and process spatial information (in short, is to map and analyze the phenomena and events on the earth ). GIS technology integrates the unique visual effects and geographic analysis functions of maps with general database operations (such as query and statistical analysis. (Combined with Baidu)

GIS system example:
GIS system of Guangxi Animal Disease Prevention and Control Center
It can be seen that with the help of a variable map, we can quickly learn about the epidemic situation in various regions and handle it in a timely manner. At the same time, the system's own warning system and data analysis can help the Animal Disease Prevention and Control Center more efficiently and easily.


Brief Introduction of GIS implementation process:


GIS systems:
Nature-disaster prediction, regional environmental changes (typhoons, precipitation, etc)
Humanistic society-population statistics, economic analysis, distribution of educational resources, etc.
As well as military, medical, and many other fields

A rough understanding is that GIS is an information system that combines maps and data (with maps and data ..)

2. GIS in Web Security
Through vulnerability mining and the cases collected in wooyun, the author summarized the current problems of GIS Security in Web security based on the GIS system type and vulnerability type. This allows you to see the current security status of some GIS systems.





Iii. Summary of GIS security issues
In China, GIS systems are still in the popularization stage. Many people find GIS system vulnerabilities, but they do not fully understand the role of the system. They even think that GIS is only a common three character. For GIS developers, many Web-side GIS systems have obvious vulnerabilities. for users, most of them use weak passwords. Therefore, we must pay attention to GIS security issues. I believe that in the future, with the popularization of the Internet of Things and the cloud era, there will be more alarm systems such as 110. The application of rescue systems to GIS will become a major security focus for GIS Security.
Although this article has some advantages, isn't all the technologies continuously improved and perfect? Because of this, a thin pipe in people's hands has become a telescope.
Finally, I would like to thank wooyun platform for its vulnerability support and all the white hats who have contributed to GIS security.

PS: Typical GIS vulnerability Cases

        http://wooyun.org/bugs/wooyun-2015-0138009
        http://wooyun.org/bugs/wooyun-2015-0100792
        http://wooyun.org/bugs/wooyun-2014-082721
        http://wooyun.org/bugs/wooyun-2014-083091
        http://wooyun.org/bugs/wooyun-2014-079423
        http://wooyun.org/bugs/wooyun-2015-0138275
        http://wooyun.org/bugs/wooyun-2015-0137686
        http://wooyun.org/bugs/wooyun-2015-0138805

Copyright Disclaimer: This article is an original article by the blogger and cannot be reproduced without the permission of the blogger.