Method and apparatus for security testing of a call center
By configuring the detection module, the call center is tested for network security, data compliance, data transmission security, and login information security. This solves the problem of call centers neglecting security and reliability, and enables accurate security testing and risk assessment of call centers.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Patents(China)
- Current Assignee / Owner: JD DIGITS HAIYI INFORMATION TECHNOLOGY CO LTD
- Filing Date: 2024-08-27
- Publication Date: 2026-06-16
AI Technical Summary
Existing call centers neglect security and reliability during the call process, especially the security of the internal system. Their reliance on internet firewalls poses security risks that are difficult to detect and address in a timely manner.
A method and apparatus are provided to test network security, data compliance, data transmission security, and login information security of a call center through configured detection modules, including a first detection module, a second detection module, a third detection module, and a fourth detection module, which respectively perform network environment detection, data compliance detection, data transmission security detection, and login information security detection, and generate test results.
Accurately identifying data security risks in call centers helps them take measures to protect data security, thus improving the overall security of call centers.
Figure CN119094653B_ABST
Description
Technical Field
[0001] This invention relates to the field of computer technology, and in particular to a method and apparatus for conducting security testing on call centers.
Background Technology
[0002] With the development of internet technology and the market, most user call services can now be conducted online, often requiring the establishment of call centers and customer service centers. Most call centers on the market prioritize call efficiency, neglecting call security and reliability. For upstream and downstream integration, they simply provide address whitelists. Furthermore, the security of the internal business system is not considered during system construction; system security relies solely on internet firewalls, creating inherent security vulnerabilities. In the current development environment, these security vulnerabilities are difficult to detect and address in a timely manner.
Summary of the Invention
[0003] In view of this, embodiments of the present invention provide a method and apparatus for security testing of call centers, which can accurately determine the security risks existing in call centers through testing.
[0004] To achieve the above objectives, according to one aspect of the present invention, a method for performing security testing on a call center is provided, comprising:
[0005] Based on the task information received from the test task, determine the task type corresponding to the test task;
[0006] The target task module is determined from the task module list based on the task type. The task module list includes a first detection module for detecting network security, a second detection module for detecting data compliance and data security, a third detection module for detecting data transmission security, and a fourth detection module for detecting login information security.
[0007] Based on the task information and the configuration information of the target task module, the target task module is invoked to perform security testing on the call center.
[0008] Optionally, based on the task information and the configuration information of the target task module, the target task module is invoked to perform security testing on the call center, including:
[0009] The target task module includes a first detection module, which obtains the address list from the task information;
[0010] Based on the configuration information of the first detection module, the call center sends a detection message to the agent server corresponding to the address list to obtain the first test result.
[0011] Optionally, the method further includes:
[0012] In response to the first test result being a received response message, based on the configuration information of the scanning module, the call center sends more than a preset threshold number of requests to the agent server corresponding to the address list, and obtains the request result;
[0013] Update the first test result based on the request result.
[0014] Optionally, based on the task information and the configuration information of the target task module, the target task module is invoked to perform security testing on the call center, including:
[0015] The target task module includes a second detection module, which obtains the address list from the task information;
[0016] Based on the address list and the configuration information of the second detection module, the call center performs agent registration, login, and call processes to obtain process data;
[0017] Security checks are performed based on process data to obtain a second test result. The security checks include at least one of the following: whether authentication is performed, whether encryption is performed, whether server information is carried, and whether there is a limit on the number of message retries.
[0018] Optionally, based on the task information and the configuration information of the target task module, the target task module is invoked to perform security testing on the call center, including:
[0019] The target task module includes a third detection module, which retrieves the address list from the task information.
[0020] Intercepting media data from the call center based on the configuration information and address list of the third detection module;
[0021] A third test result is generated by determining whether the media data is encrypted.
[0022] Optionally, based on the task information and the configuration information of the target task module, the target task module is invoked to perform security testing on the call center, including:
[0023] The target task module includes a fourth detection module, which obtains the call center's login account.
[0024] The system polls a pre-defined dictionary containing weak passwords based on the login account to determine whether the call center has weak passwords and login restrictions, and obtains the judgment result.
[0025] The fourth test result is generated based on the judgment result.
[0026] According to another aspect of the present invention, an apparatus for performing security testing on a call center is provided, comprising:
[0027] The determining unit is used to determine the task type corresponding to the test task based on the task information of the received test task; and to determine the target task module from the task module list based on the task type. The task module list includes a first detection module for detecting network security, a second detection module for detecting data compliance and data security, a third detection module for detecting data transmission security, and a fourth detection module for detecting login information security.
[0028] The invocation unit is used to invoke the target task module to perform security testing on the call center based on task information and the configuration information of the target task module.
[0029] Optionally, the calling unit is also used for:
[0030] The target task module includes a first detection module, which obtains the address list from the task information;
[0031] Based on the configuration information of the first detection module, the call center sends a detection message to the agent server corresponding to the address list to obtain the first test result.
[0032] Optionally, the calling unit is also used for:
[0033] In response to the first test result being a received response message, based on the configuration information of the scanning module, the call center sends more than a preset threshold number of requests to the agent server corresponding to the address list, and obtains the request result;
[0034] Update the first test result based on the request result.
[0035] Optionally, the calling unit is also used for:
[0036] The target task module includes a second detection module, which obtains the address list from the task information;
[0037] Based on the address list and the configuration information of the second detection module, the call center performs agent registration, login, and call processes to obtain process data;
[0038] Security checks are performed based on process data to obtain a second test result. The security checks include at least one of the following: whether authentication is performed, whether encryption is performed, whether server information is carried, and whether there is a limit on the number of message retries.
[0039] Optionally, the calling unit is also used for:
[0040] The target task module includes a third detection module, which retrieves the address list from the task information.
[0041] Intercepting media data from the call center based on the configuration information and address list of the third detection module;
[0042] A third test result is generated by determining whether the media data is encrypted.
[0043] Optionally, the calling unit is also used for:
[0044] The target task module includes a fourth detection module to obtain the call center's login account;
[0045] The system polls a pre-defined dictionary containing weak passwords based on the login account to determine whether the call center has weak passwords and login restrictions, and obtains the judgment result.
[0046] The fourth test result is generated based on the judgment result.
[0047] According to another aspect of the present invention, an electronic device is provided, comprising: one or more processors; and a storage device for storing one or more programs, wherein when the one or more programs are executed by the one or more processors, the one or more processors implement the method for performing security testing on a call center provided in the embodiments of the present invention.
[0048] According to another aspect of the present invention, a computer-readable medium is provided having a computer program stored thereon, which, when executed by a processor, implements the method for performing security testing on a call center provided in the embodiments of the present invention.
[0049] According to another aspect of the present invention, a computer program product is provided, including a computer program that, when executed by a processor, implements the method for performing security testing on a call center provided in the embodiments of the present invention.
[0050] One embodiment of the above invention has the following advantages or beneficial effects: it can perform different security tests on the call center, including data security and network security, through configurable detection modules according to the received test tasks, obtain the corresponding test results, accurately determine the data security risks existing in the call center, and help the call center to take corresponding measures to protect the data security of the call center.
[0051] The further effects of the above non-conventional optional implementations are explained below in conjunction with specific embodiments.
Attached Figure Description
[0052] The accompanying drawings are provided to better understand the invention and are not intended to unduly limit the scope of the invention. Wherein:
[0053] Figure 1 is a schematic diagram of the existing call flow in a call center;
[0054] Figure 2 is a schematic diagram illustrating the main steps of a method for conducting security testing on a call center according to an embodiment of the present invention;
[0055] Figure 3 is a schematic diagram of the test platform according to an embodiment of the present invention;
[0056] Figure 4 is a schematic diagram of the main modules of an apparatus for performing security testing on a call center according to an embodiment of the present invention;
[0057] Figure 5 is an exemplary system architecture diagram in which embodiments of the present invention can be applied;
[0058] Figure 6 is a schematic diagram of the structure of a computer system suitable for implementing terminal devices or servers of the present invention.
Detailed Implementation
[0059] The following description, in conjunction with the accompanying drawings, illustrates exemplary embodiments of the present invention, including various details to aid understanding. These details should be considered merely exemplary. Therefore, those skilled in the art will recognize that various changes and modifications can be made to the embodiments described herein without departing from the scope and spirit of the invention. Similarly, for clarity and brevity, descriptions of well-known functions and structures are omitted in the following description.
[0060] It should be noted that the technical solutions disclosed in this invention, regarding the collection, updating, analysis, processing, use, transmission, and storage of user personal information, all comply with relevant laws and regulations, are used for legitimate purposes, and do not violate public order and good morals. Necessary measures are taken to prevent unauthorized access to user personal information data and to safeguard user personal information security, network security, and national security.
[0061] It should be noted that the collection, use, storage, sharing and transfer of user personal information involved in the technical solution of the present invention all comply with the provisions of relevant laws and regulations, and require notification to users and obtaining their consent or authorization. When applicable, user personal information is subjected to de-identification and / or anonymization and / or encryption technical processing.
[0062] In the existing call center call process, as shown in Figure 1, the participants are a calling client, the call center's proxy server, and a called client. The calling client first sends a registration request to the proxy server. The proxy server verifies the request, registers the client in the system, and returns a registration success message to the calling client. The calling client then sends the proxy server a call request addressed to the called client. The proxy server authenticates the call request. If authentication is successful, it returns response data to the calling client, indicating that the call is being processed, and forwards the call request to the called client. After the called client successfully connects, the proxy server receives the returned response data and forwards it to the calling user. It then receives the calling user's confirmation message and forwards it to the called user, successfully establishing the call. The calling and called users can then exchange media data. Finally, the proxy server receives the called client's call end message and forwards it to the calling user. It also receives the call center's response data and forwards it to the called user, ending the call. This process involves a large amount of data processing and multi-terminal data interaction, often raising concerns about data security and data transmission security. Based on this, embodiments of the present invention provide a method for security testing of call centers, which can perform security testing on call centers, discover security problems existing in call centers, and help to further improve these security problems in the future.
[0063] Figure 2 is a schematic diagram of the main flow of a method for performing security testing on a call center according to an embodiment of the present invention, applied to a testing platform. As shown in Figure 2, the method includes:
[0064] Step S201: Determine the task type corresponding to the test task based on the task information received from the test task.
[0065] The task scheduling module receives security test tasks and determines the task type of the test task to be performed based on the task information. Specifically, the task type of the test task includes a task identifier or task code, with each task identifier or code corresponding to a task type and the required task parameters. For example, task identifiers 01-04 correspond to tasks 1-4.
[0066] Optionally, task parameters may include a list of addresses, task execution order, and other parameters.
[0067] Step S202: Determine the target task module from the task module list based on the task type. The task module list includes a first detection module for detecting network security, a second detection module for detecting data compliance and data security, a third detection module for detecting data transmission security, and a fourth detection module for detecting login information security.
[0068] After determining the task type, the target task module for executing the test task can be identified by matching it with modules in the task list, and the task can then be distributed to the target task module. The modules in the task list are those registered on the testing platform, including the first detection module, the second detection module, the third detection module, and the fourth detection module. Specifically, the first detection module is used to detect network security, i.e., to detect the network environment; the second detection module is used to perform data compliance and data security detection, i.e., to detect whether SIP (Session Initiation Protocol) data is compliant and whether there is any data leakage in SIP; the third detection module is used to detect data transmission security; and the fourth detection module is used to detect login information security, i.e., to detect the existence of weak passwords and password-related restrictions.
[0069] When conducting tests, the test task can be achieved through any combination of the above modules, or through any module. The specific target task module selected can be determined according to the actual situation.
[0070] Optionally, the task list can also be expanded with other modules that have testing capabilities; there are no restrictions on this.
[0071] Step S203: Based on the task information and the configuration information of the target task module, call the target task module to perform a security test on the call center.
[0072] After the task is distributed to each target task module, each target task module performs a security test on the call center based on the task content and the module's configuration information to obtain the test results. The test results can be generated in the form of a test report.
[0073] Optionally, there can be multiple call centers, and security testing can be performed on each call center using the methods in steps S201 to S203. Correspondingly, when receiving a test task, the task information may also include an identifier for the call center to determine which call center is being tested.
[0074] The method for security testing of a call center provided by the embodiments of the present invention can perform different security tests on the call center, including data security and network security, through configurable detection modules according to the received test tasks, obtain corresponding test results, accurately determine the data security risks existing in the call center, and help the call center to take corresponding measures to protect the data security of the call center.
[0075] Optionally, based on the task information and the configuration information of the target task module, the target task module is invoked to perform security testing on the call center, including: in response to the target task module including a first detection module, obtaining the address list from the task information; based on the configuration information of the scanning module, sending detection messages to the agent servers corresponding to the address list through the call center to obtain a first test result. When the determined target task module includes the first detection module, the address list from the issued task information is obtained. For each address in the list, the content of the detection message is determined according to the configuration information of the first detection module, including the detection message itself, option, info, and invite. The detection message is then sent to the agent server corresponding to each address through the call center to check whether there is any returned response data. If there is returned response data, it indicates that the call center's server can be scanned by the external network and lacks corresponding firewall policies; if there is no returned response data, it indicates that the server cannot be scanned by the external network and has corresponding firewall policies. The first test result is determined based on the returned response data.
[0076] Optionally, the first test result can be generated in the form of a test report.
[0077] Optionally, in response to the first test result being a received response, based on the configuration information of the scanning module, the call center sends more than a preset threshold number of requests to the agent servers corresponding to the address list, obtaining request results; the first test result is then updated based on these request results. If returned response data is detected, a large number of identical requests are sent to the agent servers corresponding to the address list, and the call center is checked for a response. Here, a large number of identical requests means a request count exceeding a preset threshold. If the call center responds to all requests, it indicates that the call center lacks flood protection; if it only responds to some requests, or responds to none, it indicates that the call center does not lack flood protection.
[0078] The method for security testing of a call center provided by the present invention can detect the network environment security of the call center through a configurable first detection module, determine whether the call center has a corresponding firewall policy, obtain accurate test results, and help identify the network risks existing in the call center.
[0079] Optionally, based on the task information and the configuration information of the target task module, the target task module is invoked to perform security testing on the call center. This includes: in response to the target task module including a second detection module, obtaining the address list from the task information; based on the address list and the configuration information of the second detection module, performing agent registration, login, and call processes through the call center to obtain process data; and performing security testing based on the process data to obtain a second test result. The security testing includes at least one of the following: whether authentication is performed, whether encryption is used, whether server information is carried, and whether there is a message retry limit. When the target task module includes a second detection module, the address list from the task information is obtained. Based on the address list and the module's configuration information, the call center is simulated to perform agent registration, login, and call processes to obtain corresponding process data. The obtained process data is then subjected to security testing, i.e., testing for any data insecurity in the above processes. Specifically, this includes at least one of the following: whether authentication is performed, whether encryption is used, whether server information is carried, and whether there is a message retry limit. The corresponding detection methods are: whether there is authentication behavior; whether the exchanged data is encrypted through the TLS (Transport Layer Security) mechanism, and whether the SDP packets (protocol data packets) in the exchanged data have a security encryption strategy; whether the exchanged data carries information such as the server version and the server's internal network; and whether there are message retry limits and discarding policies.
[0080] The method for security testing of a call center provided by the present invention can test the data security of the call center's registration and call process through a configurable second detection module, including whether the data is compliant and whether there is data leakage, which helps to determine the data risks existing in the call center.
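The second detection module's checks, as an added example in Python that is not code from the patent: it parses SIP messages from the registration and call flow and reports whether the server issued an authentication challenge, whether signaling used TLS, whether the SDP offers SRTP keying, and which server details are exposed. The two captures, the product name ExamplePBX, and all function names are constructed for illustration; the retry-limit check is left out because it depends on behaviour across repeated messages rather than on a single exchange.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
COMPACT = {"v": "via", "m": "contact", "c": "content-type"}  # SIP compact header forms


def msg(*lines, body=""):
    """Build one raw SIP message (helper for the constructed captures below)."""
    return "\r\n".join(lines) + "\r\n\r\n" + body


def parse_sip(raw):
    """Return (start_line, headers, body); header names are lower-cased."""
    head, _, body = raw.partition("\r\n\r\n")
    start, *rest = head.split("\r\n")
    headers = {}
    for line in rest:
        name, _, value = line.partition(":")
        name = name.strip().lower()
        headers.setdefault(COMPACT.get(name, name), []).append(value.strip())
    return start, headers, body


def internal_addrs(text):
    """RFC 1918 addresses found in a header value or SDP body."""
    found = []
    for candidate in IPV4.findall(text):
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:
            continue
        if any(ip in net for net in RFC1918):
            found.append(candidate)
    return found


def check_process_data(messages):
    """Run the authentication, encryption and server-information checks."""
    result = {"authenticated": False, "signaling_tls": None,
              "media_encrypted": None, "server_info": []}
    for raw in messages:
        start, headers, body = parse_sip(raw)
        is_response = start.startswith("SIP/2.0 ")
        status = (start.split() + [""])[1] if is_response else ""
        # Authentication: the server must answer with a 401/407 challenge.
        if status in ("401", "407") and (
                "www-authenticate" in headers or "proxy-authenticate" in headers):
            result["authenticated"] = True
        # Signaling encryption: every Via hop must use a TLS-based transport.
        for via in headers.get("via", []):
            m = re.match(r"SIP/2\.0/(\w+)", via)
            tls = m is not None and m.group(1).upper() in ("TLS", "WSS")
            result["signaling_tls"] = tls and result["signaling_tls"] is not False
        # Media policy: SDP must offer an SAVP profile plus keying material.
        if "application/sdp" in " ".join(headers.get("content-type", [])).lower():
            sdp = body.splitlines()
            media = [l.split() for l in sdp if l.startswith("m=audio")]
            keyed = any(l.startswith(("a=crypto:", "a=fingerprint:")) for l in sdp)
            secure = (bool(media) and keyed
                      and all(len(m) > 2 and "SAVP" in m[2] for m in media))
            result["media_encrypted"] = secure and result["media_encrypted"] is not False
        # Server information: version banners and internal addresses in responses.
        if is_response:
            for name in ("server", "user-agent"):
                result["server_info"] += [f"{name}: {v}" for v in headers.get(name, [])]
            for name in ("contact", "record-route"):
                for value in headers.get(name, []):
                    result["server_info"] += [f"{name}: {ip}" for ip in internal_addrs(value)]
            result["server_info"] += [f"sdp: {ip}" for ip in internal_addrs(body)]
    return result


# Constructed capture: no challenge, UDP signaling, plain RTP, banner and 10.x leak.
WEAK = [
    msg("REGISTER sip:pbx.example.test SIP/2.0",
        "Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bK1"),
    msg("SIP/2.0 200 OK",
        "Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bK1",
        "Server: ExamplePBX 1.2.3",
        "Contact: <sip:1001@10.0.3.15:5060>"),
    msg("SIP/2.0 200 OK",
        "Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bK2",
        "Content-Type: application/sdp",
        body="v=0\r\nc=IN IP4 10.0.3.15\r\nm=audio 40000 RTP/AVP 0\r\n"),
]

# Constructed capture: digest challenge, TLS signaling, SDES-SRTP, nothing exposed.
HARDENED = [
    msg("REGISTER sip:pbx.example.test SIP/2.0",
        "Via: SIP/2.0/TLS 198.51.100.7:5061;branch=z9hG4bK1"),
    msg("SIP/2.0 401 Unauthorized",
        "Via: SIP/2.0/TLS 198.51.100.7:5061;branch=z9hG4bK1",
        'WWW-Authenticate: Digest realm="example.test", nonce="constructed"'),
    msg("SIP/2.0 200 OK",
        "Via: SIP/2.0/TLS 198.51.100.7:5061;branch=z9hG4bK2",
        "Content-Type: application/sdp",
        body="v=0\r\nc=IN IP4 203.0.113.10\r\nm=audio 40000 RTP/SAVP 0\r\n"
             "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED\r\n"),
]

if __name__ == "__main__":
    print("weak:", check_process_data(WEAK))
    print("hardened:", check_process_data(HARDENED))
```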
[0081] Optionally, based on the task information and the configuration information of the target task module, the target task module is invoked to perform security testing on the call center, including: in response to the target task module including a third detection module, obtaining the address list from the task information; intercepting the call center's media data (RTP stream data) based on the configuration information of the third detection module and the address list; and generating a third test result by determining whether the media data is encrypted. When the target task module includes a third detection module, the address list from the task information is obtained, and based on the configuration information of the third detection module, media data exchanged by the call center based on the address list is intercepted, and it is determined whether the media data is encrypted to obtain a third test result.
[0082] Optionally, the configuration information of the third detection module includes information such as the time when media data is intercepted and the amount of data intercepted.
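One way to decide whether intercepted media is encrypted, as an added example in Python (not from the patent, which does not specify the method): parse the RTP header of each captured datagram, pool the payload bytes, and compare their Shannon entropy to a threshold. The 7.5 bits/byte threshold, the minimum sample size, the function names, and the constructed packets are assumptions; the heuristic fits uncompressed G.711 audio, since compressed codecs also produce high-entropy payloads.

```python
import hashlib
import math
import struct
from collections import Counter


def rtp_payload(packet):
    """Return the payload of one RTP v2 datagram, or None if it does not parse."""
    if len(packet) < 12 or packet[0] >> 6 != 2:
        return None
    offset = 12 + 4 * (packet[0] & 0x0F)           # fixed header + CSRC list
    if packet[0] & 0x10:                           # header extension present
        if len(packet) < offset + 4:
            return None
        (ext_words,) = struct.unpack("!H", packet[offset + 2:offset + 4])
        offset += 4 + 4 * ext_words
    # Padding is not stripped: a few pad bytes do not change the estimate.
    return packet[offset:] if offset <= len(packet) else None


def shannon_entropy(data):
    """Entropy of the byte distribution in bits per byte (0.0 to 8.0)."""
    counts = Counter(data)
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def assess_media(packets, threshold=7.5, min_bytes=4000):
    """Classify a captured stream; threshold and min_bytes are assumed values
    that stand in for the module's configured amount of intercepted data."""
    payload = b"".join(p for p in map(rtp_payload, packets) if p)
    if len(payload) < min_bytes:
        return {"verdict": "insufficient-data", "bytes": len(payload)}
    entropy = shannon_entropy(payload)
    verdict = "encrypted" if entropy >= threshold else "plaintext"
    return {"verdict": verdict, "entropy": round(entropy, 2), "bytes": len(payload)}


def rtp(seq, payload, payload_type=0):
    """Constructed RTP packet: version 2, no CSRC, 20 ms of audio per packet."""
    header = struct.pack("!BBHII", 0x80, payload_type, seq, seq * 160, 0x1234ABCD)
    return header + payload


def quiet_pcmu(seq, size=160):
    """Constructed plaintext: mu-law samples hovering around silence."""
    return bytes((0xFF, 0x7F, 0xFE, 0x7E)[(seq + i) % 4] for i in range(size))


def pseudo_ciphertext(seq, size=160):
    """Constructed stand-in for SRTP ciphertext: deterministic hash output."""
    out = b""
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(struct.pack("!II", seq, counter)).digest()
        counter += 1
    return out[:size]


SAMPLE_PLAIN = [rtp(i, quiet_pcmu(i)) for i in range(50)]
SAMPLE_ENCRYPTED = [rtp(i, pseudo_ciphertext(i)) for i in range(50)]

if __name__ == "__main__":
    print("plain:", assess_media(SAMPLE_PLAIN))
    print("encrypted:", assess_media(SAMPLE_ENCRYPTED))
    print("short capture:", assess_media(SAMPLE_ENCRYPTED[:3]))
```

A third test result built this way is stronger when cross-checked against the SDP media profile negotiated in signaling.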
[0083] Optionally, based on task information and the configuration information of the target task module, the target task module is invoked to perform security testing on the call center, including: in response to the target task module including a fourth detection module, obtaining the call center's login account; polling a pre-set dictionary containing weak passwords based on the login account to determine whether the call center has weak passwords and login restrictions, and obtaining a judgment result; generating a fourth test result based on the judgment result. When the target task module includes a fourth detection module, the call center's login account is obtained. This login account can be an account stored in the task information or a login account received by sending an account request to the call center. Polling is performed based on the login account and the pre-stored dictionary containing weak passwords in the fourth detection module. Based on the polling result and the polling process, it is determined whether there are weak passwords and login restrictions, and a judgment result is obtained. Specifically, for each account in the login account list, weak passwords in the dictionary are polled, and an attempt is made to log in successfully based on the account-password format. If an account logs in successfully, it indicates that a weak password exists; if it does not log in successfully, it indicates that a weak password does not exist. In addition, it is determined whether there are account lockouts, pop-up message prompts, blacklisting, or other operations during the login attempt process, thereby determining whether there are login restrictions. Based on the judgment results, the fourth test result is determined.
[0084] Optionally, the method may also include a test report synthesis module, which collects and integrates the test reports containing test results generated by each detection module to obtain the detection report of the call platform, and stores it through the report storage module.
[0085] The method for security testing of a call center provided by the present invention can determine the target task module in the task module list based on the received test task, and perform security tests on the data security, network security, etc. of the call center based on the configurable target task module, and statistically analyze the test results to obtain the final test report of the call center. This achieves accurate testing of the call center, helps to discover risks in the data security, network security, etc. of the call center, and prompts the call center to take corresponding improvement measures.
[0086] Figure 3 shows the structure of a test platform according to an embodiment of the present invention, including a task scheduling module, a first detection module, a second detection module, a third detection module, a fourth detection module, a test report synthesis module, and a report storage module. The task scheduling module of the test platform initiates test tasks. After receiving the corresponding task, each detection module executes its respective test task, generates a test report, and sends it to the test report synthesis module. The test report synthesis module integrates the received test reports and stores them in the report storage module.
[0087] Figure 4 is a schematic diagram of a device 400 for performing security testing on a call center, as provided in an embodiment of the present invention. As shown in Figure 4, it includes:
[0088] The determining unit 401 is used to determine the task type corresponding to the test task based on the task information of the received test task; and to determine the target task module from the task module list based on the task type. The task module list includes a first detection module for detecting network security, a second detection module for detecting data compliance and data security, a third detection module for detecting data transmission security, and a fourth detection module for detecting login information security.
[0089] Calling unit 402 is used to call the target task module to perform security testing on the call center based on task information and the configuration information of the target task module.
[0090] The apparatus for security testing of a call center provided in this embodiment of the invention can perform different security tests on the call center, including data security and network security, through configurable detection modules according to the received test tasks, and obtain corresponding test results. This accurately determines the data security risks existing in the call center and helps the call center to take corresponding measures to protect its data security.
[0091] Optionally, calling unit 402 is also used for:
[0092] The target task module includes a first detection module, which obtains the address list from the task information;
[0093] Based on the configuration information of the first detection module, the call center sends a detection message to the agent server corresponding to the address list to obtain the first test result.
[0094] Optionally, calling unit 402 is also used for:
[0095] In response to the first test result being a received response message, based on the configuration information of the scanning module, the call center sends more than a preset threshold number of requests to the agent server corresponding to the address list, and obtains the request result;
[0096] Update the first test result based on the request result.
[0097] Optionally, calling unit 402 is also used for:
[0098] The target task module includes a second detection module, which obtains the address list from the task information;
[0099] Based on the address list and the configuration information of the second detection module, the call center performs agent registration, login, and call processes to obtain process data;
[0100] Security checks are performed based on process data to obtain a second test result. The security checks include at least one of the following: whether authentication is performed, whether encryption is performed, whether server information is carried, and whether there is a limit on the number of SIP message retries.
[0101] Optionally, calling unit 402 is also used for:
[0102] In response to the target task module including a third detection module, obtain the address list from the task information;
[0103] Intercept media data from the call center based on the configuration information of the third detection module and the address list;
[0104] A third test result is generated by determining whether the media data is encrypted.
[0105] Optionally, calling unit 402 is also used for:
[0106] In response to the target task module including a fourth detection module, obtain the call center's login account;
[0107] The system polls a pre-defined dictionary containing weak passwords based on the login account to determine whether the call center has weak passwords and login restrictions, and obtains the judgment result.
[0108] The fourth test result is generated based on the judgment result.
[0109] The apparatus for security testing of a call center provided in this embodiment of the invention can determine the target task module in the task module list based on the received test task, and perform security tests on the data security, network security, and other aspects of the call center based on the configurable target task module, and statistically analyze the test results to obtain the final test report of the call center, thereby achieving accurate testing of the call center, helping to discover risks in the data security, network security, and other aspects of the call center, and prompting the call center to take corresponding improvement measures.
[0110] Figure 5 shows an exemplary system architecture 500 that can be used to perform security testing on a call center according to embodiments of the present invention.
[0111] As shown in Figure 5, system architecture 500 may include terminal devices 501, 502, and 503, a network 504, and a server 505. Network 504 serves as the medium for providing communication links between terminal devices 501, 502, and 503 and server 505. Network 504 may include various connection types, such as wired or wireless communication links, or fiber optic cables, etc.
[0112] Users can use terminal devices 501, 502, and 503 to interact with server 505 via network 504 to receive or send messages, etc. Various communication client applications can be installed on terminal devices 501, 502, and 503, such as shopping applications, web browser applications, search applications, instant messaging tools, email clients, social media platform software, etc. (for example only).
[0113] Terminal devices 501, 502, and 503 can be various electronic devices with displays that support web browsing, including but not limited to smartphones, tablets, laptops, and desktop computers.
[0114] Server 505 can be a server that provides various services, such as a backend management server that supports shopping websites browsed by users using terminal devices 501, 502, and 503 (for example only). The backend management server can analyze and process data such as received test requests, and feed back the processing results (such as test results - for example only) to the terminal devices.
[0115] It should be noted that the method for performing security testing on a call center provided in this embodiment of the invention is generally executed by server 505, and correspondingly, the device for performing security testing on a call center is generally located in server 505.
[0116] It should be understood that the number of terminal devices, networks, and servers shown in Figure 5 is merely illustrative. Depending on implementation needs, any number of terminal devices, networks, and servers can be included.
[0117] Referring now to Figure 6, it shows a schematic diagram of the structure of a computer system 600 suitable for implementing terminal devices or servers of the present invention. The terminal device or server shown in Figure 6 is merely an example and should not impose any limitation on the functionality and scope of use of the embodiments of the present invention.
[0118] As shown in Figure 6, the computer system 600 includes a central processing unit (CPU) 601, which can perform various appropriate actions and processes based on programs stored in read-only memory (ROM) 602 or programs loaded from storage section 608 into random access memory (RAM) 603. The RAM 603 also stores various programs and data required for the operation of the system 600. The CPU 601, ROM 602, and RAM 603 are interconnected via a bus 604. An input/output (I/O) interface 605 is also connected to the bus 604.
[0119] The following components are connected to I/O interface 605: an input section 606 including a keyboard, mouse, etc.; an output section 607 including a cathode ray tube (CRT), liquid crystal display (LCD), etc., and speakers, etc.; a storage section 608 including a hard disk, etc.; and a communication section 609 including a network interface card such as a LAN card, modem, etc. The communication section 609 performs communication processing via a network such as the Internet. A drive 610 is also connected to I/O interface 605 as needed. A removable medium 611, such as a disk, optical disk, magneto-optical disk, semiconductor memory, etc., is installed on drive 610 as needed so that computer programs read from it can be installed into storage section 608 as needed.
[0120] In particular, according to the embodiments disclosed in this invention, the processes described above with reference to the flowcharts can be implemented as computer software programs. For example, embodiments disclosed in this invention include a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for performing the methods shown in the flowcharts. In such embodiments, the computer program can be downloaded and installed from a network via communication section 609, and/or installed from removable medium 611. When the computer program is executed by central processing unit (CPU) 601, it performs the functions defined above in the system of this invention.
[0121] It should be noted that the computer-readable medium shown in this invention can be a computer-readable signal medium or a computer-readable storage medium, or any combination thereof. A computer-readable storage medium can be, for example, but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples of a computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination thereof. In this invention, a computer-readable storage medium can be any tangible medium containing or storing a program that can be used by or in conjunction with an instruction execution system, apparatus, or device. In this invention, a computer-readable signal medium can include a data signal propagated in baseband or as part of a carrier wave, carrying computer-readable program code. Such propagated data signals can take various forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination thereof. Computer-readable signal media can also be any computer-readable medium other than computer-readable storage media, which can send, propagate, or transmit a program for use by or in connection with an instruction execution system, apparatus, or device. The program code contained on the computer-readable medium can be transmitted using any suitable medium, including but not limited to: wireless, wire, optical fiber, RF, etc., or any suitable combination thereof.
[0122] The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of the present invention. In this regard, each block in a flowchart or block diagram may represent a module, segment, or portion of code containing one or more executable instructions for implementing a specified logical function. It should also be noted that in some alternative implementations, the functions indicated in the blocks may occur in a different order than those indicated in the drawings. For example, two consecutively indicated blocks may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each block in a block diagram or flowchart, and combinations of blocks in a block diagram or flowchart, may be implemented using a dedicated hardware-based system that performs the specified function or operation, or using a combination of dedicated hardware and computer instructions.
[0123] The units or modules described in the embodiments of the present invention can be implemented in software or hardware. The described units or modules can also be housed in a processor; for example, a processor can be described as including a determining unit and a calling unit. The names of these units do not necessarily limit the unit or module itself; for example, the calling unit can also be described as "a unit for calling a target task module to perform security testing on a call center based on task information and the configuration information of the target task module."
[0124] In another aspect, the present invention also provides a computer-readable medium, which may be included in the device described in the above embodiments, or may exist independently without being assembled into the device. The computer-readable medium carries one or more programs, which, when executed by the device, cause the device to perform the following:
[0125] Based on the task information received from the test task, determine the task type corresponding to the test task;
[0126] Based on the task type, the target task module is determined from the task module list. The task module list includes a first detection module for detecting network security, a second detection module for performing data compliance and data security detection, a third detection module for detecting data transmission security, and a fourth detection module for detecting login information security.
[0127] Based on the task information and the configuration information of the target task module, the target task module is invoked to perform a security test on the call center.
[0128] According to the technical solution of the present invention, the call center can be subjected to different security tests, including data security and network security, through configurable detection modules based on the received test tasks, and the corresponding test results can be obtained. This can accurately determine the data security risks existing in the call center and help the call center take corresponding measures to protect the data security of the call center.
[0129] According to another aspect of the present invention, a computer program product is provided, including a computer program that, when executed by a processor, implements the method for performing security testing on a call center provided in the embodiments of the present invention.
[0130] The specific embodiments described above do not constitute a limitation on the scope of protection of this invention. Those skilled in the art should understand that various modifications, combinations, sub-combinations, and substitutions can occur depending on design requirements and other factors. Any modifications, equivalent substitutions, and improvements made within the spirit and principles of this invention should be included within the scope of protection of this invention.
Claims
1. A method for conducting security testing on a call center, characterized in that it includes: The task scheduling module receives test tasks and determines the task type corresponding to the test task based on the task information received. The test task includes one task module or a combination of multiple task modules. The task parameters corresponding to the task type include the task execution order. Based on the task type, the target task module is determined from the task module list. The task module list includes a first detection module for detecting network security, a second detection module for detecting data compliance and data security, a third detection module for detecting data transmission security, and a fourth detection module for detecting login information security. The modules in the task module list are task modules that have been registered on the testing platform to implement different testing functions. Based on the task information and the configuration information of the target task module, the target task module is invoked in the order of task execution to perform security testing on the call center, so as to generate test results containing the test report of the target task module.
2. The method according to claim 1, characterized in that the step of invoking the target task module to perform security testing on the call center based on the task information and the configuration information of the target task module includes: In response to the target task module including a first detection module, the address list in the task information is obtained; Based on the configuration information of the first detection module, a detection message is sent from the call center to the agent server corresponding to the address list to obtain the first test result.
3. The method according to claim 2, characterized in that the method further includes: In response to the first test result being received response information, based on the configuration information of the scanning module, the call center sends more than a preset threshold number of requests to the agent server corresponding to the address list, and obtains the request result; The first test result is updated based on the request result.
4. The method according to any one of claims 1-3, characterized in that the step of invoking the target task module to perform security testing on the call center based on the task information and the configuration information of the target task module includes: In response to the target task module including a second detection module, the address list in the task information is obtained; Based on the address list and the configuration information of the second detection module, the call center performs agent registration, login, and call processes to obtain process data. Security checks are performed on the process data to obtain a second test result. The security checks include at least one of the following: whether authentication is required, whether encryption is used, whether server information is carried, and whether there is a limit on the number of message retries.
5. The method according to any one of claims 1-3, characterized in that the step of invoking the target task module to perform security testing on the call center based on the task information and the configuration information of the target task module includes: In response to the target task module including a third detection module, the address list in the task information is obtained; Based on the configuration information of the third detection module and the address list, the media data of the call center is intercepted; A third test result is generated by determining whether the media data is encrypted.
6. The method according to any one of claims 1-3, characterized in that the step of invoking the target task module to perform security testing on the call center based on the task information and the configuration information of the target task module includes: In response to the target task module including the fourth detection module, the login account of the call center is obtained; Based on the login account, the system polls a preset dictionary containing weak passwords to determine whether the call center has weak passwords and login restrictions, and obtains the determination result. A fourth test result is generated based on the determination result.
7. An apparatus for performing security testing on call centers, characterized in that it includes: The determining unit is configured to receive test tasks through the task scheduling module and determine the task type corresponding to the test task based on the task information of the received test task. The test task includes one task module or a combination of multiple task modules, and the task parameters corresponding to the task type include the task execution order. Based on the task type, the unit determines a target task module from the task module list. The task module list includes a first detection module for detecting network security, a second detection module for performing data compliance and data security detection, a third detection module for detecting data transmission security, and a fourth detection module for detecting login information security. The modules in the task module list are task modules that have been registered on the test platform to implement different test functions. The invocation unit is used to invoke the target task module to perform security testing on the call center according to the task execution order, based on the task information and the configuration information of the target task module, so as to generate test results containing the test report of the target task module.
8. An electronic device, characterized in that it includes: one or more processors; and a storage device for storing one or more programs. When the one or more programs are executed by the one or more processors, the one or more processors implement the method as described in any one of claims 1-6.
9. A computer-readable medium having a computer program stored thereon, characterized in that when the computer program is executed by a processor, it implements the method as described in any one of claims 1-6.
10. A computer program product, comprising a computer program, characterized in that when the computer program is executed by a processor, it implements the method as described in any one of claims 1-6.