HK40030082B - Network security patrol method and apparatus, device and storage medium - Google Patents

Description

Network security inspection methods, devices, equipment and storage media

Technical Field

This application relates to the fields of cloud technology and network security technology, and in particular to a network security inspection method, apparatus, device and storage medium.

Background Technology

Technical personnel need to detect network security risks of the host, identify potential network security vulnerabilities, and take timely and effective measures to ensure that the host runs in a secure application delivery environment.

In related technologies, technicians detect network security risks of hosts via web pages. On the web page, technicians schedule attack machines and execute scripts such as shell, Python, and Go to send batch scan requests to the host to be detected (also known as the target machine). Scanning methods can be either single-machine or distributed scanning. Serial firewalls and bypass firewalls filter malicious rule vulnerability requests or send RST (Reset flag in the TCP (Transmission Control Protocol) header) packets to interrupt communication between the attack machine and the host to be detected. The web page records the request and response records of the attack machine to obtain the actual interception rate of the host's security system after a particular scan request.

However, the aforementioned technologies first require technicians to install a browser, enter the web address corresponding to the network security inspection in the browser, and then enter their account and password on the web page to conduct the network security inspection. The preparation process for network security inspection is quite cumbersome.

Summary of the Invention

This application provides a network security inspection method, apparatus, device, and storage medium, which improves the convenience of network security inspection preparation operations. The technical solution is as follows:

According to one aspect of the embodiments of this application, a network security inspection method is provided, the method comprising:

The project management interface is displayed in the sub-application, which includes options for at least one inspection item. The sub-application is a program that depends on the parent application to run.

Obtain the inspection execution instruction for the target inspection item in the at least one inspection item;

Send an inspection execution request to the server, the inspection execution request being used to request the execution of a network security inspection related to the target inspection item;

Receive the inspection results of the target inspection item from the server;

The inspection results are displayed in the sub-application.

According to one aspect of the embodiments of this application, a network security inspection method is provided, characterized in that the method includes:

Receive an inspection execution request from a sub-application in the applicant's client, wherein the sub-application is a program that depends on the parent application to run, and the inspection execution request is used to request the execution of a network security inspection related to the target inspection project;

Send an attack test request to the cloud platform. The attack test request includes the inspection parameters of the target inspection item. The inspection parameters are used to perform network security inspection on the target network address.

Receive the inspection results of the target inspection project from the cloud platform;

The inspection results are sent to the sub-application in the applicant's client.

According to one aspect of the embodiments of this application, a network security inspection device is provided, the device comprising:

The interface display module is used to display a project management interface in a sub-application, the project management interface including at least one inspection item option, the sub-application being a program that depends on the parent application to run;

The instruction acquisition module is used to acquire the inspection execution instruction for the target inspection item in the at least one inspection item;

The request sending module is used to send an inspection execution request to the server, wherein the inspection execution request is used to request the execution of a network security inspection related to the target inspection item;

The result receiving module is used to receive the inspection results of the target inspection item from the server.

The results display module is used to display the inspection results in the sub-application.

According to one aspect of the embodiments of this application, a network security inspection device is provided, the device comprising:

The request receiving module is used to receive inspection execution requests from sub-applications in the requester's client. The sub-applications are programs that depend on the parent application to run. The inspection execution requests are used to request the execution of network security inspections related to the target inspection project.

The request sending module is used to send an attack test request to the cloud platform. The attack test request includes the inspection parameters of the target inspection item. The inspection parameters are used to perform network security inspection on the target network address.

The result receiving module is used to receive the inspection results of the target inspection project from the cloud platform.

The result sending module is used to send the inspection results to the sub-application in the applicant client.

According to one aspect of the embodiments of this application, a computer device is provided, the computer device including a processor and a memory, the memory storing at least one instruction, at least one program, code set or instruction set, the at least one instruction, the at least one program, the code set or instruction set being loaded and executed by the processor to implement the above-described network security inspection method.

Optionally, the computer equipment includes a terminal or a server.

According to one aspect of the embodiments of this application, a computer-readable storage medium is provided, wherein the storage medium stores at least one instruction, at least one program, code set, or instruction set, wherein the at least one instruction, the at least one program, the code set, or the instruction set is loaded and executed by a processor to implement the above-described network security inspection method.

According to one aspect of the embodiments of this application, a computer program product or computer program is provided, which includes computer instructions stored in a computer-readable storage medium. A processor of a computer device reads the computer instructions from the computer-readable storage medium and executes the computer instructions, causing the computer device to perform the aforementioned network security inspection method.

The technical solution provided in this application can bring the following beneficial effects:

Implementing network security inspection functions through sub-applications offers several advantages. Sub-applications have a wide user base and offer conveniences such as no installation required, always-available availability, quick access, and no need for uninstallation. Users only need to open the sub-application within the parent application and log in with their parent application's user account information to perform network security inspections within the sub-application. There is no need to enter the corresponding web address for network security inspections, nor is there a need to enter an account password, thus improving the convenience of network security inspection preparation.

Attached Figure Description

To more clearly illustrate the technical solutions in the embodiments of this application, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

Figure 1 is a schematic diagram of the implementation environment provided in one embodiment of this application;

Figure 2 is a flowchart of a network security inspection method provided in an embodiment of this application;

Figure 3 is a schematic diagram of a project management interface provided in one embodiment of this application;

Figure 4 is a flowchart of a network security inspection method provided in another embodiment of this application;

Figure 5 is a flowchart illustrating the submission of inspection parameters according to an embodiment of this application;

Figure 6 is a flowchart of a network security inspection method provided in another embodiment of this application;

Figure 7 is a schematic diagram of a setting animation provided in one embodiment of this application;

Figure 8 is a schematic diagram of a result query interface provided in an embodiment of this application;

Figure 9 is a flowchart illustrating the process of viewing an inspection report according to an embodiment of this application;

Figure 10 is a flowchart of a network security inspection method provided in another embodiment of this application;

Figure 11 is a schematic diagram of the process for creating an inspection project according to an embodiment of this application;

Figure 12 is a schematic diagram of a project approval interface provided in one embodiment of this application;

Figure 13 is a schematic diagram of the project approval process provided in one embodiment of this application;

Figure 14 is a schematic diagram of the project approval result provided in one embodiment of this application;

Figure 15 is a schematic diagram of a project approval result notification message provided in an embodiment of this application;

Figure 16 is a schematic diagram of a project application notification message provided in an embodiment of this application;

Figure 17 is a flowchart of a network security inspection method provided in another embodiment of this application;

Figure 18 is a schematic diagram of the project renewal result provided in one embodiment of this application;

Figure 19 is a flowchart of a network security inspection method provided in another embodiment of this application;

Figure 20 is a flowchart of a login sub-application provided in an embodiment of this application;

Figure 21 is a block diagram of a network security inspection device provided in an embodiment of this application;

Figure 22 is a block diagram of a network security inspection device provided in another embodiment of this application;

Figure 23 is a block diagram of a network security inspection device provided in another embodiment of this application;

Figure 24 is a block diagram of a network security inspection device provided in another embodiment of this application;

Figure 25 is a structural block diagram of a terminal provided in an embodiment of this application;

Figure 26 is a schematic diagram of the structure of a server provided in one embodiment of this application.

Detailed Implementation

To make the objectives, technical solutions, and advantages of this application clearer, the embodiments of this application will be described in further detail below with reference to the accompanying drawings.

Cloud technology is a collective term for network technologies, information technologies, integration technologies, management platform technologies, and application technologies applied to the cloud computing business model. It can form resource pools, providing flexible and convenient on-demand access. Cloud computing technology will become a crucial support. Backend services of technical network systems require substantial computing and storage resources, such as video websites, image websites, and many portal websites. With the rapid development and application of the internet industry, every item may have its own identification mark in the future, requiring transmission to backend systems for logical processing. Data at different levels will be processed separately, and various industry data will all require robust system support, which can be achieved through cloud computing.

Cloud security refers to the collective term for security software, hardware, users, organizations, and security cloud platforms based on cloud computing business models. Cloud security integrates emerging technologies and concepts such as parallel processing, grid computing, and the identification of unknown virus behavior. Through a large network of clients, it monitors abnormal software behavior on the network, obtains the latest information on Trojans and malware on the internet, sends it to the server for automatic analysis and processing, and then distributes solutions for viruses and Trojans to each client.

The main research directions in cloud security include: 1. Cloud computing security, which mainly studies how to ensure the security of the cloud itself and various applications on the cloud, including cloud computer system security, secure storage and isolation of user data, user access authentication, information transmission security, network attack protection, and compliance auditing; 2. Cloudification of security infrastructure, which mainly studies how to use cloud computing to build and integrate security infrastructure resources and optimize security protection mechanisms, including building a large-scale security event and information collection and processing platform through cloud computing technology to achieve the collection and correlation analysis of massive amounts of information and improve the ability to control network-wide security events and risks; 3. Cloud security services, which mainly studies various security services provided to users based on cloud computing platforms, such as antivirus services.

Cloud storage is a new concept that extends and develops from the concept of cloud computing. A distributed cloud storage system (hereinafter referred to as a storage system) refers to a storage system that uses cluster applications, grid technology and distributed storage file systems to bring together a large number of storage devices of various types in the network (storage devices are also called storage nodes) to work together through application software or application interfaces to provide data storage and business access functions to the outside world.

Currently, the storage method in storage systems is as follows: Logical volumes are created, and during creation, physical storage space is allocated to each logical volume. This physical storage space may consist of a single storage device or the disks of several storage devices. Clients store data on a logical volume, which means storing the data on the file system. The file system divides the data into many parts, each part being an object. Each object contains not only the data but also additional information such as a data identifier (ID, IDentity). The file system writes each object to the physical storage space of that logical volume, and it records the storage location information of each object. Therefore, when a client requests access to data, the file system can allow the client to access the data based on the storage location information of each object.

The process by which a storage system allocates physical storage space to a logical volume is as follows: the physical storage space is pre-divided into stripes according to the capacity estimate of the objects stored in the logical volume (this estimate often has a large margin relative to the actual capacity of the objects to be stored) and the grouping of Redundant Array of Independent Disks (RAID). A logical volume can be understood as a stripe, thus allocating physical storage space to the logical volume.

A database, simply put, can be viewed as an electronic filing cabinet—a place to store electronic files, where users can perform operations such as adding, querying, updating, and deleting data. A "database" is a collection of data stored together in a certain way, capable of being shared by multiple users, with minimal redundancy, and independent of application programs.

A Database Management System (DBMS) is a computer software system designed to manage databases, generally possessing basic functions such as storage, retrieval, security, and backup. DBMSs can be classified according to the database model they support, such as relational or XML (Extensible Markup Language); or according to the type of computer they support, such as server clusters or mobile devices; or according to the query language used, such as SQL (Structured Query Language) or XQuery; or according to performance priorities, such as maximum scale or maximum operating speed; or other classification methods. Regardless of the classification method used, some DBMSs can cross categories, for example, simultaneously supporting multiple query languages.

The solutions provided in this application relate to the application of network security technology in the field of cloud technology.

Please refer to Figure 1, which shows a schematic diagram of an implementation environment provided in one embodiment of this application. The implementation environment includes: applicant terminal 10, approver terminal 20, server 30, cloud platform 40, and target machine 50.

In this embodiment, the applicant terminal 10 can be used by the applicant, who refers to an object that has the need to create inspection projects and perform network security inspections related to those projects; the applicant terminal 10 has an applicant client installed and running. The approver terminal 20 can be used by the approver, who refers to an object with the authority to approve inspection projects; the approver terminal 20 has an approver client installed and running. The applicant terminal 10 and the approver terminal 20 can be electronic devices such as mobile phones, tablets, wearable devices, and PCs (Personal Computers).

In one example, both the applicant client and the approver client run sub-applications. These sub-applications depend on the parent application to run. Both the applicant client and the approver client can be referred to as the parent application, and the sub-applications can be referred to as mini-programs. The sub-application depending on the parent application means that it cannot run directly on the operating system but runs within the environment provided by the parent application. In other words, the sub-application cannot run independently but must rely on the parent application. The parent application obtains the logic code file of the sub-application, parses it, and then displays the sub-application's page. The applicant client and the approver client can be clients of the same application; for example, they could be clients of the same instant messaging application or the same social networking application. The sub-application cannot run independently but can be used without downloading and installing. Users can directly open the sub-application by scanning its corresponding QR code or searching for its name. The sub-application can be easily obtained and distributed within the parent application. The parent application is the application that hosts the sub-application, providing the environment for its implementation. The parent application is a native application. A native application is an application that can run directly on the operating system. The parent application can be a social application, a dedicated application that supports the child applications, a file management application, or an email application, etc. Social applications include instant messaging applications, SNS (Social Network Service) applications, or live streaming applications, etc.

In another example, the applicant's client runs a sub-application, and the approver's client is either a web page version of the application or an app (application) installed on the terminal.

In this embodiment, server 30 can be a single server or a server cluster consisting of multiple servers. Server 30 can communicate with sub-applications in the applicant's client and the approver's client, such as relaying messages between the sub-applications in the applicant's client and the approver's client.

In this embodiment, cloud platform 40 is used to provide cloud services. Cloud platform 40 can communicate with server 30. For example, cloud platform 40 can receive attack test requests sent by server 30. The attack test request includes inspection parameters for inspection items. The inspection parameters are used to perform network security inspections on the target network address of the target target machine 50. Cloud platform 40 performs network security inspections on the target network attack address and obtains the inspection results of the target inspection items. Then, cloud platform 40 sends the inspection results to server 30, so that server 30 sends the inspection results to the sub-application in the applicant's client. Optionally, cloud platform 40 includes a cloud server and a cloud database. The above attack test is performed by the cloud server in cloud platform 40, and the above inspection results are stored in the cloud database in cloud platform 40.

Target machine 50 refers to a host with network security risk detection capabilities; it can also be called a host to be detected. In possible implementations, target machine 50 runs a security system. In this embodiment, the operating environment of the security system in target machine 50 can be detected by means of a sub-application in the applicant's client.

The present application will now be described through several embodiments.

Please refer to Figure 2, which shows a flowchart of a network security inspection method provided in an embodiment of this application. In this embodiment, the method is described in the implementation environment shown in Figure 1. The method may include the following steps (201-207):

Step 201: The sub-application in the applicant's client displays the project management interface.

In this embodiment, the project management interface includes options for at least one inspection item, and the sub-application is a program that depends on the parent application to run. In this case, the parent application is the aforementioned client application.

In one possible implementation, the inspection items are displayed as entries in the project management interface.

Step 202: The sub-application in the applicant client obtains the inspection execution instruction for the target inspection item in at least one inspection item.

An inspection execution instruction is an instruction used to request the execution of a network security inspection. The target inspection item is any one of the inspection items that has been approved and completed among the above-mentioned at least one inspection item, that is, the project approval result of the target inspection item is approved and the project validity status is valid.

Figure 3 shows a schematic diagram of a project management interface. The project management interface 300 includes four inspection project options: an inspection project named "Security POC (Proof of Concept)," an inspection project named "xx Bank," an inspection project named "Test Results," and an inspection project named "2345." The project management interface 300 shows that the inspection project named "Test Results" or the inspection project named "2345" has been approved and is valid. Therefore, the applicant can select either the inspection project named "Test Results" or the inspection project named "2345" as the target inspection project. Assuming the applicant selects the inspection project named "2345" as the target inspection project, the sub-application in the applicant's client will obtain the inspection execution instruction for the inspection project named "2345."

Step 203: The sub-application in the applicant client sends an inspection execution request to the server.

In this embodiment, the inspection execution request is used to request the execution of a network security inspection related to the target inspection item. Network security inspection refers to detecting network security risks to identify potential threats and take timely and effective measures to ensure network security. Network security inspection includes remote security inspection; for example, a remote security inspection can be performed on the security system in the host to be inspected to determine whether the security system is active. If the security system is inactive, the host to be inspected, which has the security system installed, is in a dangerous network environment and is vulnerable to malicious attacks. When the sub-application in the applicant's client receives the inspection execution instruction for the target inspection item, it sends an inspection execution request to the server. Optionally, the inspection execution request includes inspection parameters, which are used to perform a security network inspection on the target network address, where the target network address refers to the network address corresponding to the target machine (the host to be inspected).

Accordingly, the server receives an inspection execution request from a sub-application in the requester's client. The inspection execution request is used to request the execution of a network security inspection related to the target inspection item.

Step 204: The server sends an attack test request to the cloud platform.

An attack test request is a request to initiate an attack test on a target network address. In this embodiment, the attack test request includes inspection parameters for the target inspection item, which are used to perform network security inspections on the target network address. When the server receives an inspection execution request from a sub-application in the applicant's client, the server sends an attack test request to the cloud platform, which provides attack test services. In one example, the inspection execution request includes inspection parameters for the target inspection item; the server obtains these parameters from the request and sends them to the cloud platform. In another example, the server determines the inspection parameters itself and then sends them to the cloud platform. In yet another example, the attack test request does not include the inspection parameters for the target inspection item, and the cloud platform determines the parameters itself.

Step 205: The server receives the inspection results of the target inspection project from the cloud platform.

After the cloud platform completes the attack test, it will obtain the inspection results of the aforementioned target inspection items. The inspection results refer to the results obtained after performing network security inspections on the target network address. These results are used to indicate the network security risks of the target network address. For example, the inspection results may include at least one of the following: the blocking success rate for each attack type, and the overall blocking success rate. The blocking success rate for each attack type reflects the security system's defense capability against that type of attack; a higher blocking success rate indicates a stronger defense capability against that type of attack. The overall blocking success rate reflects the security system's overall defense capability against all tested attacks; a higher overall blocking success rate indicates a stronger overall defense capability. In one example, the server can send a result query request to the cloud platform to request the inspection results of the target inspection items. After receiving the result query request, the cloud platform sends the inspection results of the target inspection items to the server. In another example, the cloud platform proactively pushes the inspection results of the target inspection items to the server.

Step 206: The server sends the inspection results to the sub-application in the requester's client.

Accordingly, the sub-application in the applicant's client receives the inspection results of the target inspection items from the server.

Step 207: The sub-application in the applicant's client displays the inspection results.

After receiving the inspection results, the sub-application in the applicant's client will display the inspection results in the result query interface of the sub-application for the applicant to view. The result query interface will automatically redirect to the display within a preset time after the sub-application receives the inspection execution instruction.

It should be noted that this embodiment only illustrates the display of inspection results by a sub-application in the applicant's client. In possible implementations, the sub-application in the approver's client can also display inspection results; that is, the approver can also create its own inspection projects and receive and display the inspection results of those projects. In another possible implementation, the sub-application in the approver's client can also display the inspection results of inspection projects created by the applicant and approved by the approver. The process of displaying inspection results by the sub-application in the approver's client can be consistent with that of the sub-application in the applicant's client, and will not be elaborated further in this embodiment. Optionally, the approver can also approve inspection projects created by itself.

In summary, the technical solution provided in this application implements network security inspection functions through sub-applications. Since sub-applications have a wide user base and offer conveniences such as no installation required, always available, use and discard, and no uninstallation required, users only need to open the sub-application within the parent application and directly log in with their parent application's user account information to perform network security inspections within the sub-application. There is no need to enter the corresponding web page address for network security inspections, nor is there a need to enter an account password, thus improving the convenience of network security inspection preparation operations.

In an illustrative embodiment, as shown in FIG4, a flowchart of a network security inspection result display method provided in another embodiment of this application is illustrated. In this embodiment, the method is described in the implementation environment shown in FIG1. The method may include the following steps (401-411):

Step 401: The sub-application in the applicant's client displays the project management interface.

In this embodiment of the application, the project management interface includes an option for at least one inspection item, and the sub-application is a program that depends on the parent application to run.

Step 402: The sub-application in the applicant client receives the inspection initiation instruction for the options of the target inspection item.

The inspection initiation command refers to the command to initiate a network security inspection. As shown in Figure 5, the project management interface 510 includes four inspection project options: an inspection project named "Security POC (Proof of Concept)," an inspection project named "xx Bank," an inspection project named "Test Results," and an inspection project named "2345." When the applicant clicks the "Initiate Inspection" button 511 corresponding to the inspection project option named "2345," the sub-application in the applicant's client receives the inspection initiation command for the inspection project option named "2345."

Step 403: The sub-application in the applicant's client displays the inspection submission interface corresponding to the target inspection project.

The inspection submission interface refers to the interface used to submit inspection parameters. The inspection submission interface for each inspection item can be the same or different. For example, all sub-applications may display the same inspection submission interface, or the sub-applications may display a personalized inspection submission interface based on the project name of the inspection item.

Taking the above example as an example, as shown in Figure 5, when the sub-application in the applicant's client receives the inspection initiation instruction for the inspection project with the project name "2345", the sub-application in the applicant's client displays the inspection submission interface 520 corresponding to the inspection project with the project name "2345".

In the project management interface, for inspection projects that have been approved by the approver, when the applicant refreshes the project management interface, the display status of the button corresponding to the inspection project option will change from "Pending Approval" to "Initiate Inspection". At this time, when the applicant clicks the "Initiate Inspection" button, the sub-application will redirect the interface to the inspection submission interface.

It should be noted that when the value of the project application status field in the psg_project collection of the cloud database in the cloud platform is not 1, the "Initiate Inspection" button will not appear in the project management interface.

Step 404: The sub-application in the applicant's client obtains the inspection parameters submitted in the inspection submission interface.

In this embodiment of the application, the inspection parameters are used to perform network security inspections on the target network address.

The target network address indicates the network address of the target machine, which is the host to be inspected for network security checks. Optionally, the target network address includes an IP (Internet Protocol) address and a port.

In one possible implementation, the inspection submission interface includes a network address input box and a test case selection list. The test case selection list includes at least one test case, which is used to indicate the type of attack when performing a network security inspection.

The sub-application calls the `user_project_querytestcase` function to instruct the server to iterate through and retrieve the executable test case results from the `psg_attack_type` collection in the cloud database of the cloud platform. This test case result information mainly includes at least one of the following: the person who added the test case, the Chinese name of the test case, the English name of the test case, the security threat level of the test case, the payload (raw data) content of the test case, and the availability status of the test case. The server combines the above-mentioned test case result information into a JSON (JavaScript Object Notation) format result set and returns it to the sub-application as a test case selection list. The security threat level of the test case includes high, medium, and low; a higher level indicates a higher security threat to the target network address. The payload content of the test case can be a URL (Uniform Resource Locator). It should be noted that the people who add test cases include the approver and the applicant. Test cases added by the approver are visible to all users. Test cases added by the applicant in the background are only visible to the applicant and are only visible to the applicant if the availability status of the test case is 1 (1 means available and added with the approval of the approver, 0 means unavailable or added without the approval of the approver), so as to avoid the applicant's information exceeding their authority.

In a possible implementation, the applicant adds and deletes test cases on the front end of a sub-application. For example, the sub-application displays a test case add/delete interface, retrieves the first test case submitted in the interface, sends a test case approval instruction to the server, which includes the aforementioned first test case, receives the test case approval result returned by the server, and displays a personalized test case selection list based on the approval result. Exemplarily, the test case add/delete interface includes at least one test case and a test case input box. The sub-application retrieves the first test case submitted in the interface by: retrieving the new test case submitted in the test case input box; and receiving a deletion instruction for a preset test case among the at least one test case, the preset test case including at least one test case.

As shown in Figure 5, the inspection submission interface 520 includes a network address input box 521 and a test case selection list 522. The network address input box 521 is used for the applicant to input the target network address, and the test case selection list 522 is used for the applicant to select test cases. The sub-application generates the test case selection list 522 based on the Chinese names corresponding to the test cases returned by the psg_attack_type collection of the cloud database. Optionally, the test case selection list 522 includes the following test cases: code injection, command injection, Jenkins vulnerability, Shellshock vulnerability, SQL (Structured Query Language) injection, vulnerability scanning, Elasticsearch vulnerability, Struts vulnerability, and machine batch control exploitation.

The sub-application in the applicant's client obtains the inspection parameters submitted in the inspection submission interface in the following ways: obtaining the target network address entered in the network address input box; obtaining the target test case selected in the test case selection list, wherein the target test case includes at least one test case; wherein the inspection parameters include the target network address and the target test case.

As shown in Figure 5, the applicant can enter the IP address and port in the network address input box 521, and check the test cases to be executed in the test case selection list 522. For example, if the target network address entered by the applicant is 192.168.240.51:8979, the target test cases selected by the applicant include: command injection, SQL injection, and Elasticsearch vulnerability.

Step 405: Upon receiving the submission instruction for the inspection parameters, the sub-application in the applicant's client confirms that it has obtained the inspection execution instruction for the target inspection item.

Optionally, as shown in Figure 5, the inspection submission interface 520 includes a "Submit" button 523. When the applicant clicks the "Submit" button 523, a submission instruction is triggered. At this time, the sub-application confirms that it has obtained the inspection execution instruction for the target inspection item.

When the applicant clicks the network address input box 521, if the applicant has no previous input record, they need to manually enter the corresponding target network address in the network address input box 521. When the applicant clicks the "Submit" button 523 on the inspection submission interface 520, the sub-application will perform regular expression matching for six types of valid inputs: IPv4 (Internet Protocol Version 4), IPv6, domain name, IPv4 + port, IPv6 + port, and domain name + port. Invalid inputs will fail to submit successfully. This prevents the network address input box 521 from being used for malicious or illegal input. If the applicant has previously entered a target network address in the network address input box 521 and successfully submitted it by clicking the "Submit" button 523, the sub-application will update the local cache record of the target network address submitted for this inspection project after receiving the submission instruction. The next time the applicant clicks the network address input box 521 again, the sub-application will retrieve all the target network addresses that have been submitted in the history of this inspection project from the mini-program's local cache for the applicant to quickly select and execute.

The sub-application calls the `user_project_submittestcase` function to notify the server to add all test cases selected and submitted by the applicant to the `psg_attack_record` collection in the cloud database one by one and generate corresponding auto-incrementing IDs. The inspection parameters passed by the sub-application to the server include at least one of the following: the Chinese name of the test case, the security threat level of the test case, the total number of test cases of each type, the target network address, the inspection timestamp, the payload content of the test case, the project identifier, and the user identifier. It should be noted that the inspection timestamp needs to be accurate to milliseconds, and this value must be consistent for test cases submitted within the same inspection project.

Step 406: The sub-application in the applicant client sends an inspection execution request to the server.

In this embodiment, the inspection execution request is used to request the execution of a network security inspection related to a target inspection item. The inspection execution request includes inspection parameters.

Accordingly, the server receives an inspection execution request from a sub-application in the requester's client. The inspection execution request is used to request the execution of a network security inspection related to the target inspection item.

The sub-application adopts the WeChat Mini Program Cloud Development model, which includes three basic functional supports: (1) Cloud Functions: code running on the cloud platform, with natural authentication via the parent application's private protocol; (2) Cloud Databases: JSON databases that can be operated on the front end of the sub-application and read/written in cloud functions; (3) Cloud Storage: files uploaded or downloaded from the cloud by the front end of the sub-application and managed visually in the cloud development console. Developers of the sub-application can use the APIs (Application Programming Interfaces) provided by the three basic functionalities of the parent application platform to define interfaces and complete the core business logic development.

Step 407: The server sends an attack test request to the cloud platform.

In this embodiment of the application, the attack test request includes inspection parameters for the target inspection item, which are used to perform network security inspection on the target network address.

In one possible implementation, after receiving the target test cases selected by the applicant, the cloud platform concurrently calls the WeChat Mini Program cloud function `commontestcase` to schedule offline attack testing tasks. The main actions performed by `commontestcase` include: remotely logging into the attacking machine; determining the attack type script corresponding to each test case; sending attack test requests to the target network address via the attacking machine's parallel invocation of the attack type script corresponding to each test case; and receiving the relevant parameters returned by the attack type script corresponding to each test case.

The cloud platform uses the English name of the test case to find the corresponding attack type script and initiates a wrk load test to the target network address. The wrk load test executes continuous attack test requests. After each attack test request is completed, the attack type script records relevant parameters for that type of attack test request. These parameters include the number of attack test requests and the number of successful attack test responses (the number of responses returned by the target network address to the attacking machine after receiving the attack test request), and displays them. The cloud function scheduled for the corresponding attack type obtains the aforementioned relevant parameters returned after the attack type script is executed to further calculate the blocking success rate and blocking failure rate of the test case. It also performs precise matching and field value updates of the psg_attack_record set records based on the auto-incrementing ID information generated when the corresponding test case was added to the psg_attack_record set. The main updates are to the three fields: the number of attack test requests, the blocking success rate, and the blocking failure rate. It should be noted that before the psg_attack_record set records are updated, the default values of these three fields are 0.

The cloud platform determines the inspection results corresponding to the target inspection item based on relevant parameters. The inspection results may include the blocking success rate corresponding to each test case. The blocking success rate corresponding to the test case is determined as follows: determine the difference between the number of attack test requests corresponding to the test case and the number of successful attack test responses corresponding to the test case; determine the blocking success rate corresponding to the test case based on the ratio of the difference to the number of attack test requests corresponding to the test case.

The above inspection results also include the overall blocking success rate. The cloud platform determines the overall blocking success rate as follows: the first parameter is determined by the sum of the products of the number of attack test requests corresponding to each test case and the blocking success rate corresponding to the test case; the second parameter is determined by the sum of the number of attack test requests corresponding to each test case; and the overall blocking success rate is determined by the ratio of the first parameter and the second parameter.

The cloud platform calculates the overall blocking success rate based on the timestamp of the same inspection project for that batch of test cases. The overall blocking success rate can be calculated using the following formula: sum(number of attack test requests for each test case * blocking success rate for that test case) / sum(number of attack test requests for each test case). The first parameter is sum(number of attack test requests for each test case * blocking success rate for that test case), and the second parameter is sum(number of attack test requests for each test case). Assuming the target test cases include command injection and SQL injection, with 1 attack test request for command injection and 2 successful responses for command injection, the blocking success rate for command injection is: (1 - 2) / 1. The calculation method for the blocking success rate for SQL injection is similar and will not be repeated here. The overall blocking success rate is: (number of attack test requests for command injection * blocking success rate for command injection + number of attack test requests for SQL injection * blocking success rate for SQL injection) / (number of attack test requests for command injection + number of attack test requests for SQL injection).

When the overall blocking success rate of an inspection project is below 95%, the cloud platform will determine that the network environment of the target network address is high-risk, and the security system is ineffective or unhealthy. Conversely, when the overall blocking success rate of the inspection project is above 95%, the cloud platform will determine that the network environment of the target network address is low-risk, and the security system is effective or healthy. Furthermore, the cloud platform will check if the values of the attack test request count and the blocking success rate corresponding to all test cases for a certain inspection project are both 0. If both are 0, it means that the offline inspection tasks for the test cases of that inspection project have not been fully completed. In this case, the inspection test case calculation result set returned to the sub-application needs to add the inspection status of the inspection project to "in progress"; otherwise, the inspection test case calculation result set will default to adding the inspection status of the inspection project to "completed". The server will assemble all the calculation results into JSON format and return them to the sub-application for displaying the inspection results of the inspection project.

In possible implementations, the inspection results include at least one of the following: overall blocking success rate, blocking success rate for each test case, number of attack test requests for each test case, and security threat level for each test case.

This application utilizes cloud functions as a trial example for concurrent scheduling in patrol detection, thereby improving the efficiency of designing high-concurrency scheduling mechanisms in related technologies.

Step 408: The server sends a result query request to the cloud database in the cloud platform.

In this embodiment of the application, the result query request includes the identifier of the target inspection item, and the cloud database stores the inspection results of at least one inspection item.

Optionally, the cloud database stores at least one correspondence, which is the correspondence between the identifier of an inspection project and the inspection result of that inspection project. After receiving a result query request from the server, the cloud platform queries the cloud database for at least one of the above correspondences based on the identifier of the target inspection project to obtain the inspection result of the target inspection project. After retrieving the inspection result of the target inspection project, the cloud database sends the inspection result of the target inspection project to the server.

Step 409: The server receives the inspection results of the target inspection project from the cloud database.

Step 410: The server sends the inspection results to the sub-application in the requester's client.

Accordingly, the sub-application in the applicant's client receives the inspection results of the target inspection items from the server.

Step 411: The sub-application in the applicant's client displays the inspection results.

For a description of steps 410 to 411, please refer to the above embodiments; they will not be repeated here.

In summary, the technical solution provided in this application uses cloud functions as a trial example for concurrent scheduling of patrol detection, which improves the efficiency of designing high-concurrency scheduling mechanisms in related technologies.

Furthermore, this application embodiment utilizes a sub-application carrier to achieve personal project management, test case management, and remote login scheduling of the attacking machine using cloud functions to perform malicious rule vulnerability testing on the target network address (the network address where the target machine is located). Security systems such as serial firewalls and bypass firewalls, upon detecting a malicious rule vulnerability request, will either drop the attacking machine's request packet or send an RST packet to interrupt the connection between the attacking machine and the target machine. This application embodiment verifies whether the security system is operating healthily and whether the security system has recorded malicious request packets and alarm records by statistically analyzing the success rate of malicious request packet responses, thereby achieving the purpose of remote security system inspection.

In an illustrative embodiment, as shown in FIG6, a flowchart of a network security inspection method provided in another embodiment of this application is illustrated. In this embodiment, the method is described in the implementation environment shown in FIG1. The method may include the following steps (601-613):

Step 601: The sub-application in the applicant's client displays the project management interface.

In this embodiment of the application, the project management interface includes an option for at least one inspection item, and the sub-application is a program that depends on the parent application to run.

Step 602: The sub-application in the applicant client obtains the inspection execution instruction for the target inspection item in at least one inspection item.

Step 603: The sub-application in the applicant's client sends an inspection execution request to the server.

In this embodiment of the application, the inspection execution request is used to request the execution of a network security inspection related to the target inspection item.

Accordingly, the server receives an inspection execution request sent by a sub-application in the requesting client. The inspection execution request is used to request the execution of a network security inspection related to the target inspection item.

Step 604: The server sends an attack test request to the cloud platform.

In this embodiment of the application, the attack test request includes inspection parameters for the target inspection item, which are used to perform network security inspection on the target network address.

For a description of steps 601 to 604, please refer to the above embodiments, which will not be repeated here.

Step 605: The sub-application in the applicant's client plays the setup animation.

Since network security inspections are performed asynchronously and offline, when the sub-application in the requester's client receives the inspection execution instruction for the target inspection item, it plays a setting animation to buffer and wait for the offline inspection results to return.

The sub-application in the applicant's client calls the URL (Uniform Resource Locator) corresponding to the pre-uploaded setting animation in the mini-program cloud storage to play the setting animation on the inspection submission interface while waiting for the background inspection results to be returned. As shown in Figure 7, when the sub-application in the applicant's client receives the inspection execution instruction for the target inspection project, it plays the setting animation 710 in the inspection submission interface 700.

It should be noted that steps 605 and 603 can be executed simultaneously; or steps 605 can be executed first, followed by steps 603. This application embodiment does not limit this.

Step 606: After the animation playback is complete, the sub-application in the applicant's client sends a query request to the server.

In this embodiment of the application, the query request is used to request at least one historical inspection record of the target inspection item.

Accordingly, the server receives query requests from sub-applications in the requester's client.

Step 607: The server forwards the query request to the cloud database in the cloud platform.

In one possible implementation, the query request includes an identifier for the target inspection item. Upon receiving the query request, the server forwards it to the cloud platform. This allows the cloud database on the platform to determine at least one historical inspection record for the target inspection item based on its identifier and send this record to the server. The cloud database stores the mapping between the inspection item identifier and its historical inspection records. It should be noted that the query request sent by the server to the cloud platform can be the same as or different from the query request received by the server.

Step 608: The server receives at least one historical inspection record of the target inspection project from the cloud database.

Step 609: The server sends at least one historical inspection record of the target inspection item to the sub-application in the applicant's client.

Accordingly, the sub-application in the applicant's client receives at least one historical inspection record of the target inspection item from the server.

In one possible implementation, the playback duration of the animation is set to be consistent with the duration for which the cloud platform obtains the inspection results. For example, after the cloud platform obtains the inspection results, it actively sends the inspection results to the server, so that the server sends the inspection results to the sub-application. Once the sub-application obtains the inspection results, it can stop playing the set animation.

Step 610: The sub-application in the applicant's client displays the result query interface.

In this embodiment of the application, the result query interface includes an option for at least one historical inspection record of the target inspection item.

After the inspection submission interface completes the animation playback, the sub-application will automatically redirect to the result query interface. At this time, the sub-application will call the interface to notify the server to query relevant information of the cloud database psg_attack_record collection based on the user identifier and project identifier fields. Since the sub-application stipulates that no more than 20 records of cloud database collection information can be retrieved at a time, in order to speed up the traversal and retrieval of database information, the server will first sort the cloud database psg_attack_record collection in reverse order of inspection timestamp (i.e., sorted by the latest inspection execution time) according to the project identifier passed by the sub-application, as shown in Figure 8, which illustrates a schematic diagram of a result query interface. This result query interface 800 has the option to display historical inspection records in reverse order of inspection timestamp.

Step 611: The sub-application in the applicant's client receives a viewing instruction for the options of the target historical inspection records.

The target historical inspection record is one of the at least one historical inspection record mentioned above. In this embodiment, the target historical inspection record is the historical inspection record corresponding to the inspection result.

Step 612: The sub-application in the applicant's client displays the report display interface.

The server uses user identifier, project identifier, and inspection timestamp to precisely match and query the psg_attack_record collection in the cloud database. The obtained JSON format result set includes the following information: the Chinese name of the test case, the security threat level of the test case, the total number of test case types, the number of attack test requests for each test case, the blocking success rate for each test case, the target network address, and the inspection timestamp. After the sub-application retrieves the JSON format result set returned by the server, it will display it in two interfaces: a result query interface and a report display interface. The result query interface will retrieve local cache records to obtain and display information such as project name, project abbreviation, and project creation time. It will also sort the results in descending order based on the inspection timestamp in the JSON format result set returned by the server. The historical inspection records mainly display fields including at least one of the following: target machine (i.e., target network address), inspection time, and inspection status of the inspection trial case. When the inspection status of the inspection trial case is "completed," the applicant can click the option of the historical inspection record for the corresponding batch to further jump to the report display interface for that batch. In the report display interface, the sub-application reads local cache records to obtain information such as project name and project abbreviation. Then, it retrieves information such as target target machine (i.e. target network address), inspection time, overall blocking success rate, security system operation status, blocking success rate for each test case, number of attack test requests for each test case, and security threat level for each test case from the JSON result set returned by the server and displays the results in bar charts, pie charts, and other visualizations.

Step 613: The sub-application in the applicant's client displays the inspection report corresponding to the inspection results in the report display interface.

As shown in Figure 9, the applicant clicks the "Completed" button 911 corresponding to the option for the historical inspection record with an inspection time of 2020-06-14 16:26:48 in the result query interface 910. This triggers a viewing command for the option of the historical inspection record with an inspection time of 2020-06-14 16:26:48. Then, the sub-application displays a report display interface 920, which shows the inspection report corresponding to the inspection results of the historical inspection record with an inspection time of 2020-06-14 16:26:48. Optionally, the inspection report includes the project name, target network address, inspection time, security overview (overall success rate of blocking malicious requests), the success rate of blocking for each test case, the distribution of the number of requests for each test case, and the security threat level for each test case.

In practical application testing, the technical solution provided in this application shows that remote inspection of the security system can be completed in minutes and can provide a visual inspection report output.

In an illustrative embodiment, as shown in FIG10, a flowchart of a network security inspection method provided in another embodiment of this application is illustrated. In this embodiment, the method is described in the implementation environment shown in FIG1. The method may include the following steps (1001-1016):

Step 1001: The sub-application in the applicant's client displays the project management interface.

The project management interface also includes a project creation control, which is used to create new inspection projects. If the applicant is logging into the sub-application for the first time, the inspection projects will not be displayed in the project management interface, but the applicant can create an inspection project. If the applicant is not logging into the sub-application for the first time and has created an inspection project before, the created inspection projects will be displayed in the project management interface.

When the applicant logs into the project management interface, the sub-application uses user account information, such as the applicant's user ID and nickname, to query the backend interface and retrieve the inspection projects under that user's name from the `psg_project` collection in the cloud database. If the server finds no inspection projects under that user's name in the `psg_project` collection, it returns an empty list to the frontend. Upon receiving this empty list, the frontend prompts the applicant to click a project creation control, such as the "Create Project" button, to create a new inspection project. When the applicant clicks the project creation control, the sub-application passes the information to the server to add personal information attributes such as the applicant's user ID (openid), nickname, avatar, and project creation time to the `psg_project` collection in the cloud database.

If the backend retrieves projects under the username from the `psg_project` collection, it returns a list of projects in JSON format to the sub-application. This list includes at least one of the following: project identifier, project name, project abbreviation, project creation time, project expiration date, "Project Application Status" field value, and "Project Validity Status" field value. The sub-application will adjust the text display and availability of the "Initiate Inspection" button based on the "Project Application Status" field value. A value of 0 indicates a newly created inspection project awaiting approval; 1 indicates the inspection project has been approved; 2 indicates the inspection project has been rejected; and 3 indicates the inspection project has been renewed and awaits approval. The sub-application will also adjust the permission validity period field based on the "Project Validity Status" field value. A value of 0 indicates the validity period has expired, and the permission validity period field will display "Renewal Required"; a value of 1 indicates the validity period is currently active, and the permission validity period field will display the final expiration date of the inspection project.

Step 1002: The sub-application in the applicant's client receives the project creation instruction for the project creation control and displays the project creation interface.

Figure 11 illustrates a schematic diagram of a project management interface 1110, which includes a project creation control 1111. The applicant can click the project creation control 1111 to trigger a project creation command to be sent to a sub-application, which then displays the project creation interface 1120.

Step 1003: The sub-application in the applicant's client obtains the project information of the new inspection project submitted in the project creation interface.

In possible implementations, project information includes at least one of the following: project name, project permission validity period, applicant role, reason for application, and project abbreviation. The project creation interface 1120 includes an input box 1121 for project information, where the applicant can enter project information. The project creation interface 1120 also displays a project submission control 1122, which is used to submit project information for a new inspection project. After the user enters the project information, they can click the project submission control 1122 to allow the sub-application to obtain the project information for the new inspection project.

After the sub-application in the applicant's client obtains the project information, the project management interface 1110 will display the option for the inspection project that the applicant just created, and the button 1112 corresponding to the option of the inspection project will be displayed as "Pending Approval".

Step 1004: The sub-application in the applicant's client sends a project approval request to the server.

In this embodiment of the application, the project approval request is used to request approval for a new inspection project, and the project approval request includes the project information of the new inspection project.

After the applicant submits the project information, the approver needs to review and approve the project information for the new inspection project. Once the sub-application obtains the project information, it sends a project approval request to the server. For example, when the applicant clicks the project submission control 1122, the sub-application obtains the project information and sends a project approval request to the server.

Accordingly, the server receives a project approval request sent by a sub-application in the applicant's client. The project approval request is used to request approval for a new inspection project and includes the project information of the new inspection project.

Step 1005: The server sends project approval information to the sub-application in the approver's client.

In this embodiment of the application, the project approval information includes project information.

In one possible implementation, the project approval request also includes the applicant's user information and the project creation timestamp of the new inspection project. After the server obtains the project approval information, it sends the project approval information to the cloud platform, so that the cloud platform can generate an identifier for the new inspection project based on the project information, the applicant's user information, and the project creation timestamp, and store the identifier of the new inspection project, the project information of the inspection project, and the applicant's user information in the cloud database.

Accordingly, the sub-application in the approver's client receives project approval information from the server.

Step 1006: The sub-application in the approver's client receives the approval operation for the project approval information in the project approval interface.

The approver enters the project approval interface displayed in the sub-application of the approver's client to approve the project approval information. The sub-application of the approver's client receives the approver's approval operation on the project approval information, which includes approval or rejection.

Optionally, the sub-application in the approver's client has two entry points in the project management interface: "My Projects" and "Management Center". If the sub-application determines that the current user has approver privileges, it instructs the server to query the project information under all usernames in the cloud database psg_project collection, and combines this information into a JSON-formatted result set, which is then returned to the project management interface as a project list. The main fields of the JSON-formatted result set include all project identifiers, project names, project abbreviations, project creation time, project last validity period, the value of the "Project Application Status" field, and the value of the "Project Validity Status" field.

As shown in Figure 12, when the approver logs into the sub-application and enters the project management interface, the front end will display four tabs: "Pending Approval", "Renewal Request", "Approved", and "Rejected". The default display interface is the "Pending Approval" interface 1210. The front end will call the query_user_project function to request the server to traverse and query the list of projects in the psg_project collection in the cloud database whose "Project Application Status" field value is 0 (representing a newly created project pending approval). The server will combine the queried project list results into a JSON result set and return it to the front end to display information such as project creation time, user avatar, user nickname, and project name on the "Pending Approval" interface 1210. Similarly, when the approver switches to the other three tab titles, the front end calls the query_user_project function to request the back end to traverse and query the project application status field of the psg_project collection in the cloud database. The project result list has values of 3 (representing that the project is pending approval), 1 (representing that the project has been approved), and 2 (representing that the project has been rejected). The server combines the corresponding project list results into a JSON result set and returns it to the sub-application to list and display information such as project creation time, user avatar, user nickname, and project name on the corresponding pages, such as the "Renewal Request" page 1220, the "Approved" page 1230, and the "Rejected" page 1240.

As shown in Figure 13, in the "Pending Approval" interface 1310, when the approver clicks on a specific inspection item, a front-end pop-up window 1320 is triggered, displaying project information such as the project name, project abbreviation, applicant role, validity period, and application reason, allowing the approver to perform either approval or rejection. When the approver clicks the "Approved" button 1321 in the pop-up window 1320, the sub-application in the approver's client receives the approval operation. The sub-application calls the backend function `admin_project_applypass` to update the "Project Application Status" field in the `psg_project` collection of the cloud database to 1 (representing approval). When the approver clicks the "Reject Application" button in the pop-up window 1320, the sub-application in the approver's client receives the rejection operation. The sub-application calls the backend function `admin_project_applyreject` to update the "Project Application Status" field in the `psg_project` collection of the cloud database to 2 (representing rejection), and calls the `push_user_apply` function to push the approval result notification to the applicant.

Step 1007: The sub-application in the approver's client generates the project approval result based on the approval operation.

When a sub-application receives an approval request, the generated project approval result is "Project Approval Approval Result"; when a sub-application receives an approval rejection request, the generated project approval result is "Project Approval Rejection Result".

Step 1008: The sub-application in the approver's client sends the project approval result to the server.

Accordingly, the server receives the project approval result determined by the sub-application in the approver's client based on the project information.

Step 1009: The server sends the project approval result to the sub-application in the applicant's client.

Accordingly, the sub-application in the applicant's client receives the project approval results for the new inspection project from the server.

Step 1010: The sub-application in the applicant's client displays the project approval result in the project management interface.

As shown in Figure 14, if the project approval result is "Project Approved", the display status of the target button 1410 corresponding to the option for the new inspection project in the project management interface 1400 changes from "Pending Approval" to "Initiate Inspection". If the project approval result is "Project Approval Rejected", the display status of the target button 1410 corresponding to the option for the new inspection project in the project management interface 1400 changes from "Pending Approval" to "Rejected".

In a possible implementation, after the sub-application in the applicant client receives the project approval result of the new inspection project from the server, it also performs the following steps: obtains each field contained in the project approval result, the field including at least one of the following: project approval time, project approver, and project review result; fills each field into the project approval result notification message template to generate a project approval result notification message; and displays the project approval result notification message in the parent application.

Optionally, the server requests two notification message templates for project approval application notification and approval result notification. The project approval application notification message template mainly includes four fields: project name, user nickname, application reason, and application time. The project approval result notification message template mainly includes five fields: project name, application time, processing time, reviewer, and review result. For example, Figure 15 shows a schematic diagram of a project approval result notification message, where project approval result notification message 1500 includes the following five fields: project name, application time, processing time, reviewer, and review result; Figure 16 shows a schematic diagram of a project approval application notification message, where project approval application notification message 1600 includes the following four fields: project name, user nickname, application reason, and application time.

When the applicant clicks the "New Project" or "Pending Renewal" submission button, the sub-application will notify the backend to call the WeChat Mini Program API interface wx.requestSubscribeMessage to authorize the push of two notification message templates. If the applicant clicks to allow push notification authorization, they will receive the project approval result notification message after the approver approves the application; otherwise, they will not receive the project approval result notification message.

The approval process between the approver and the applicant uses a notification message template subscription method, which can effectively reduce the cost of sending SMS messages.

Step 1011: The sub-application in the applicant client obtains the inspection execution instruction for the target inspection item in at least one inspection item.

Step 1012: The sub-application in the applicant client sends an inspection execution request to the server.

In this embodiment of the application, the inspection execution request is used to request the execution of a network security inspection related to the target inspection item.

Accordingly, the server receives inspection execution requests from sub-applications in the requesting client. Sub-applications are programs that depend on the parent application to run. The inspection execution requests are used to request the execution of network security inspections related to the target inspection item.

Step 1013: The server sends an attack test request to the cloud platform.

In this embodiment of the application, the attack test request includes inspection parameters for the target inspection item, which are used to perform network security inspection on the target network address.

Step 1014: The server receives the inspection results of the target inspection project from the cloud platform.

Step 1015: The server sends the inspection results to the sub-application in the requester's client.

Accordingly, the sub-application in the applicant's client receives the inspection results of the target inspection items from the server.

Step 1016: The sub-application in the applicant's client displays the inspection results.

For a description of steps 1011 to 1016, please refer to the above embodiments; they will not be repeated here.

It should be noted that steps 1002 to 1010 can be executed after step 1011, meaning that the applicant can create a new inspection project only after this network security inspection has been completed.

In summary, the technical solution provided in this application embodiment, which allows the approver to approve the inspection projects created by the applicant, helps to unify the management of inspection projects and avoids the situation of maliciously creating inspection projects.

In an illustrative embodiment, as shown in FIG17, a flowchart of a network security inspection method provided in another embodiment of this application is illustrated. In this embodiment, the method is described in the implementation environment shown in FIG1. The method may include the following steps (1701-1715):

Step 1701: The sub-application in the applicant's client displays the project management interface.

Step 1702: The sub-application in the applicant client obtains the project renewal instruction for the options of the target inspection project.

To prevent the abuse of network security inspection services, each inspection project has a validity period limit. When the validity period of an approved inspection project expires, the applicant can click the project renewal control in the project management interface to apply for project renewal.

As shown in Figure 18, the project management interface 1800 displays at least one inspection project option. The validity period of inspection project 1810 with the project name "xx Bank" has expired. The applicant can trigger the project renewal instruction by clicking the project renewal control 1820 corresponding to the inspection project option 1810.

Step 1703: The sub-application in the applicant's client sends a project renewal request to the server.

In this embodiment, the project renewal request is used to request an extension of the validity period of the target inspection project. In one example, the applicant cannot select the project renewal time, and the project renewal time is consistent with the validity period selected when the target inspection project was created. In another example, the applicant can select the project renewal time. When the sub-application in the applicant's client receives the project renewal instruction, it displays a project renewal time selection list, and the applicant can independently select the project renewal time from the list. In this case, the project renewal request includes the project renewal time.

Accordingly, the server receives project renewal requests from sub-applications in the requester's client.

Step 1704: The server sends project renewal information to the sub-application in the approver's client.

In this embodiment of the application, the project renewal information includes project information.

Accordingly, the sub-application in the approver's client receives project renewal information from the server.

Step 1705: The sub-application in the approver's client receives the renewal approval operation for the project renewal information in the project approval interface.

Step 1706: The sub-application in the approver's client generates the project renewal result based on the renewal approval operation.

Step 1707: The sub-application in the approver's client sends the project renewal result to the server.

Step 1708: The server sends the project renewal result to the sub-application in the applicant's client.

Accordingly, the sub-application in the applicant's client receives the project renewal results of the target inspection project from the server.

Step 1709: The sub-application in the applicant's client displays the project renewal result in the project management interface.

As shown in Figure 18, if the project renewal result is "Project renewal approved", the display status of the project renewal control 1820 changes from "Apply for renewal" to "Initiate inspection"; if the project renewal result is "Project renewal rejected", the display status of the project renewal control 1820 remains "Apply for renewal".

In a possible implementation, after the sub-application in the applicant's client receives the project renewal result of the target inspection project from the server, it also performs the following steps: obtains each field contained in the project renewal result, the above fields including at least one of the following: project renewal approval time, project renewal approver, and project renewal result; fills each field into the project approval result notification message template to generate a project renewal result notification message; and displays the project renewal result notification message in the parent application.

Step 1710: The sub-application in the applicant's client obtains the inspection execution instruction for the target inspection item.

Once the target inspection project has been renewed, its validity period becomes valid, at which point the sub-application can obtain the inspection execution instructions for the target inspection project.

Step 1711: The sub-application in the applicant client sends an inspection execution request to the server.

In this embodiment of the application, the inspection execution request is used to request the execution of a network security inspection related to the target inspection item.

Accordingly, the server receives the inspection execution request sent by the sub-application in the requesting client. The sub-application is a program that depends on the parent application to run. The inspection execution request is used to request the execution of network security inspections related to the target inspection item.

Step 1712: The server sends an attack test request to the cloud platform.

In this embodiment of the application, the attack test request includes inspection parameters for the target inspection item, which are used to perform network security inspection on the target network address.

Step 1713: The server receives the inspection results of the target inspection project from the cloud platform.

Step 1714: The server sends the inspection results to the sub-application in the requester's client.

Accordingly, the sub-application in the applicant's client receives the inspection results of the target inspection items from the server.

Step 1715: The sub-application in the applicant's client displays the inspection results.

For a description of steps 1710 to 1715, please refer to the above embodiments; they will not be repeated here.

It should be noted that steps 1702 to 1709 can be executed after step 1710. That is, the validity period of the target inspection project may expire only after this network security inspection is completed. Then, the applicant can trigger the project renewal instruction when the target inspection project has a renewal requirement.

In possible implementations, mechanisms such as validity period renewal and approval authority authorization can be omitted; as long as there is login authentication information for personal information traceability, it is sufficient.

In an illustrative embodiment, as shown in FIG19, a flowchart of a network security inspection method provided in another embodiment of this application is illustrated. In this embodiment, the method is described in the implementation environment shown in FIG1. The method may include the following steps (1901-1909):

Step 1901: The sub-application in the applicant's client displays the homepage interface of the sub-application.

The applicant can search for the sub-applications provided in this application embodiment in the sub-application search box provided by the parent application or scan the sub-application QR code to enter the homepage interface of the sub-applications provided in this application embodiment.

In this embodiment of the application, the homepage interface includes a login control. As shown in Figure 20, the homepage interface 2010 includes a login control 2011.

In step 1902, the sub-application in the applicant's client receives a confirmation instruction for the login control and displays the user login interface.

When a sub-application receives a confirmation instruction for the login control, it sends an account information retrieval request to the server. This request asks the server to retrieve the user account information corresponding to the requesting client. This user account information may include at least one of the following: user nickname, user avatar, user's region, and user's gender. The server retrieves the user account information from the requesting client and then sends it to the sub-application within that client.

In this embodiment, as shown in Figure 20, the user login interface 2020 includes an "Agree" control 2021 and a "Reject" control 2022. The "Agree" control 2021 authorizes the sub-application to log in to the user account information corresponding to the parent application, and the "Reject" control 2022 refuses to authorize the sub-application to log in to the user account information corresponding to the parent application. When the applicant clicks the login control 2011 on the homepage interface 2010, such as the "X-mail Quick Login" button, the sub-application is triggered to display the user login interface 2020, which includes the "Agree" control 2021 and the "Reject" control 2022. It should be noted that the parent application in this embodiment is the applicant's client.

In step 1903, in response to receiving a confirmation instruction for the consent control, the sub-application in the applicant client displays the project management interface within the sub-application.

As shown in Figure 20, when the applicant clicks the "Agree" control 2021 on the user login interface 2020, the project management interface 2030 is triggered; when the applicant clicks the "Reject" control 2022 on the user login interface 2020, the applicant will be unable to use the sub-application normally.

The sub-application first determines whether the applicant has authorized login to the sub-application before. If the sub-application determines that the applicant has previously authorized login, it queries the sub-application's local cache to read the user account information, which includes at least one of the following: user ID, user nickname, and user avatar. If the sub-application determines that the applicant is logging into the sub-application for the first time, it calls the cloud function `login` in cloud development mode to obtain the applicant's user ID, calls the parent application's API interface `wx.getUserInfo` to obtain the user nickname and user avatar, and records and writes them to the mini-program's local cache. At the same time, the sub-application writes the user account information to the cloud database `psg_user` collection for persistent storage and subsequent interface user information verification. The project permission role of the inspection project newly created by the applicant is a regular user by default. Switching the approver's user permissions is done by modifying the corresponding field values of the cloud database `psg_user` collection in the visual cloud development console.

Step 1904: The sub-application in the applicant client obtains the inspection execution instruction for the target inspection item in at least one inspection item.

Step 1905: The sub-application in the applicant client sends an inspection execution request to the server.

In this embodiment of the application, the inspection execution request is used to request the execution of a network security inspection related to the target inspection item.

Accordingly, the server receives the inspection execution request sent by the sub-application in the requesting client. The sub-application is a program that depends on the parent application to run. The inspection execution request is used to request the execution of network security inspections related to the target inspection item.

Step 1906: The server sends an attack test request to the cloud platform.

In this embodiment of the application, the attack test request includes inspection parameters for the target inspection item, which are used to perform network security inspection on the target network address.

Step 1907: The server receives the inspection results of the target inspection project from the cloud platform.

Step 1908: The server sends the inspection results to the sub-application in the requester's client.

Accordingly, the sub-application in the applicant's client receives the inspection results of the target inspection items from the server.

Step 1909: The sub-application in the applicant's client displays the inspection results.

For a description of steps 1904 to 1909, please refer to the above embodiments; they will not be repeated here.

This application embodiment utilizes a sub-application's account login authentication system to avoid the risk of exploitation by malicious actors if the security authorization mechanism of a web page is poorly designed and exposed to arbitrary access on the public network, as seen in related technologies. The sub-application possesses strict login-state security authentication capabilities. This application embodiment leverages the sub-application as a carrier to implement user login authentication, user personal project management, and project authorization approval, with push notifications from the parent application reaching both applicants and approvers, thus improving the efficiency of remote security system inspections.

It should be noted that, in the above method embodiments, the technical solution of this application is mainly described from the perspective of sub-applications in the applicant's client, sub-applications in the approver's client, and server interaction. The steps executed by the sub-applications in the applicant's client can be implemented independently as a network security inspection method on the sub-application side of the applicant's client, the steps executed by the sub-applications in the approver's client can be implemented independently as a network security inspection method on the sub-application side of the approver's client, and the steps executed by the server can be implemented independently as a network security inspection method on the server side.

The following are embodiments of the apparatus described in this application, which can be used to execute the embodiments of the method described in this application. For details not disclosed in the apparatus embodiments of this application, please refer to the embodiments of the method described in this application.

Please refer to Figure 21, which shows a block diagram of a network security inspection device according to an embodiment of this application. This device has the functionality to implement the network security inspection method example described above. This functionality can be implemented in hardware or by hardware executing corresponding software. The device 2100 may include: an interface display module 2110, an instruction acquisition module 2120, a request sending module 2130, a result receiving module 2140, and a result display module 2150.

The interface display module 2110 is used to display a project management interface in a sub-application, the project management interface including at least one inspection item option, the sub-application being a program that depends on the parent application to run;

Instruction acquisition module 2120 is used to acquire inspection execution instructions for the target inspection item in the at least one inspection item;

Request sending module 2130 is used to send an inspection execution request to the server, wherein the inspection execution request is used to request the execution of network security inspection related to the target inspection item;

The result receiving module 2140 is used to receive the inspection results of the target inspection item from the server.

The results display module 2150 is used to display the inspection results in the sub-application.

In summary, the technical solution provided in this application implements network security inspection functions through sub-applications. Since sub-applications have a wide user base and offer conveniences such as no installation required, always available, use and discard, and no uninstallation required, users only need to open the sub-application within the parent application and directly log in with their parent application's user account information to perform network security inspections within the sub-application. There is no need to enter the corresponding web page address for network security inspections, nor is there a need to enter an account password, thus improving the convenience of network security inspection preparation operations.

In an illustrative embodiment, as shown in FIG22, the instruction acquisition module 2120 includes: an instruction receiving unit 2121, an interface display unit 2122, a parameter acquisition unit 2123, and an instruction confirmation unit 2124.

Instruction receiving unit 2121 is used to receive an inspection initiation instruction for the option of the target inspection item;

The interface display unit 2122 is used to display the inspection submission interface corresponding to the target inspection item;

The parameter acquisition unit 2123 is used to acquire the inspection parameters submitted in the inspection submission interface, and the inspection parameters are used to perform network security inspection on the target network address.

The instruction confirmation unit 2124 is used to confirm that an inspection execution instruction for the target inspection item has been obtained when a submission instruction for the inspection parameters is received.

The inspection execution request includes the inspection parameters.

In an illustrative embodiment, the inspection submission interface includes a network address input box and a test case selection list. The test case selection list includes at least one test case, which is used to indicate the type of attack when performing a network security inspection.

The parameter acquisition unit 2123 is used for:

Obtain the target network address entered in the network address input box;

Obtain the target test case selected from the test case selection list, wherein the target test case includes at least one test case;

The inspection parameters include the target network address and the target test case.

In an illustrative embodiment, the result display module 2150 is used for:

The sub-application displays a results query interface, which includes an option for at least one historical inspection record of the target inspection item.

Receive a viewing instruction for the option of the target historical inspection record, wherein the target historical inspection record is the historical inspection record corresponding to the inspection result;

The report display interface is shown in the sub-application;

The inspection report corresponding to the inspection results is displayed in the report display interface.

In an illustrative embodiment, the result display module 2150 is further configured to:

Play the setup animation;

After the set animation finishes playing, a query request is sent to the server. The query request is used to request at least one historical inspection record of the target inspection item.

The result receiving module 2140 is used for:

Receive at least one historical inspection record of the target inspection item from the server.

In an illustrative embodiment, the project management interface also includes a project creation control, which is used to create a new inspection project;

The device 2100 also includes: a project creation instruction 2160 and an information acquisition module 2170.

Project creation instruction 2160 is used to receive a project creation instruction for the project creation control and display the project creation interface;

Information acquisition module 2170 is used to acquire project information of new inspection projects submitted in the project creation interface;

The request sending module 2130 is further configured to send a project approval request to the server. The project approval request is used to request approval for the new inspection project, and the project approval request includes project information of the new inspection project.

The result receiving module 2140 is also used to receive the project approval result of the new inspection project from the server;

The result display module 2150 is also used to display the project approval result in the project management interface.

In an illustrative embodiment, the device 2100 further includes a message display module 2180.

The message display module 2180 is used for:

Obtain the various fields contained in the project approval result, wherein the fields include at least one of the following: project approval time, project approver, and project review result;

Fill in each of the aforementioned fields into the project approval result notification message template to generate the project approval result notification message;

The project approval result notification message is displayed in the parent application.

In an illustrative embodiment, the result display module 2150 is further configured to:

Obtain the project renewal instruction for the selected option of the target inspection item;

Send a project renewal request to the server, the project renewal request being used to request an extension of the validity period of the target inspection project;

Receive the project renewal result of the target inspection project from the server;

The project renewal results are displayed in the project management interface.

In an illustrative embodiment, the interface display module 2110 is further configured to:

Display the homepage interface of the sub-application, which includes a login control;

Receive a confirmation instruction for the login control and display a user login interface. The user login interface includes an agree control and a refuse control. The agree control is used to authorize the sub-application to log in to the user account information corresponding to the parent application, and the refuse control is used to refuse to authorize the sub-application to log in to the user account information corresponding to the parent application.

In response to receiving a confirmation instruction for the consent control, the step of displaying the project management interface in the sub-application is performed.

Please refer to Figure 23, which shows a block diagram of a network security inspection device according to another embodiment of this application. This device has the functionality to implement the network security inspection method example described above. This functionality can be implemented in hardware or by hardware executing corresponding software. The device 2300 may include: a request receiving module 2310, a request sending module 2320, a result receiving module 2330, and a result sending module 2340.

The request receiving module 2310 is used to receive an inspection execution request from a sub-application in the applicant's client. The sub-application is a program that depends on the parent application to run. The inspection execution request is used to request the execution of a network security inspection related to the target inspection project.

The request sending module 2320 is used to send an attack test request to the cloud platform. The attack test request includes the inspection parameters of the target inspection item. The inspection parameters are used to perform network security inspection on the target network address.

The result receiving module 2330 is used to receive the inspection results of the target inspection project from the cloud platform.

The result sending module 2340 is used to send the inspection results to the sub-application in the applicant client.

In summary, the technical solution provided in this application implements network security inspection functions through sub-applications. Since sub-applications have a wide user base and offer conveniences such as no installation required, always available, use and discard, and no uninstallation required, users only need to open the sub-application within the parent application and directly log in with their parent application's user account information to perform network security inspections within the sub-application. There is no need to enter the corresponding web page address for network security inspections, nor is there a need to enter an account password, thus improving the convenience of network security inspection preparation operations.

In an illustrative embodiment, the result receiving module 2330 is configured to:

Send a result query request to the cloud database in the cloud platform. The result query request includes the identifier of the target inspection item. The cloud database stores the inspection results of at least one inspection item.

Receive the inspection results of the target inspection project from the cloud database.

In an illustrative embodiment, the request receiving module 2310 is further configured to receive a query request from a sub-application in the applicant client, the query request being used to request query at least one historical inspection record of the target inspection project.

The result receiving module 2330 is also used to forward the query request to the cloud database in the cloud platform; and to receive at least one historical inspection record of the target inspection project from the cloud database.

The result sending module 2340 is also used to send at least one historical inspection record of the target inspection project to a sub-application in the applicant client.

In an illustrative embodiment, the result sending module 2340 is further configured to include at least one of the following:

The system receives a project approval request from a sub-application in the applicant's client, the project approval request being used to request approval for a new inspection project, the project approval request including project information of the new inspection project; sends project approval information to the sub-application in the approver's client, the project approval information including project information of the new inspection project; receives a project approval result from the sub-application in the approver's client; and sends the project approval result to the sub-application in the applicant's client.

The system receives a project renewal request from a sub-application in the applicant's client, the project renewal request being used to request an extension of the validity period of the target inspection project; sends project renewal information, including project information of the target inspection project, to the sub-application in the approver's client; receives a project renewal result from the sub-application in the approver's client; and sends the project renewal result to the sub-application in the applicant's client.

In an illustrative embodiment, as shown in FIG24, the device 2300 further includes an information sending module 2350.

The information sending module 2350 is used for:

Receive an account information retrieval request from a sub-application in the applicant's client, the account information retrieval request being used to request the user account information corresponding to the applicant's client;

Obtain the user account information corresponding to the applicant's client;

Send the user account information to the sub-application in the applicant's client.

It should be noted that the apparatus provided in the above embodiments is only illustrated by the division of the above functional modules when implementing its functions. In actual applications, the above functions can be assigned to different functional modules as needed, that is, the content structure of the device can be divided into different functional modules to complete all or part of the functions described above. In addition, the apparatus and method embodiments provided in the above embodiments belong to the same concept, and the specific implementation process can be found in the method embodiments, which will not be repeated here.

Please refer to Figure 25, which shows a structural block diagram of a terminal 2500 provided in one embodiment of this application. The terminal 2500 can be a mobile phone, tablet computer, smart TV, multimedia playback device, PC, etc. The terminal 2500 can be used to implement the network security inspection method provided in the above embodiments, and the terminal 2500 can be the applicant terminal 10 described in the implementation environment of Figure 1.

Typically, terminal 2500 includes a processor 2501 and a memory 2502.

Processor 2501 may include one or more processing cores, such as a quad-core processor, an octa-core processor, etc. Processor 2501 may be implemented using at least one hardware form selected from DSP (Digital Signal Processing), FPGA (Field Programmable Gate Array), and PLA (Programmable Logic Array). Processor 2501 may also include a main processor and a coprocessor. The main processor, also known as a CPU (Central Processing Unit), is used to process data in the wake-up state; the coprocessor is a low-power processor used to process data in the standby state. In some embodiments, processor 2501 may integrate a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content to be displayed on the screen. In some embodiments, processor 2501 may also include an AI (Artificial Intelligence) processor, which is used to handle computational operations related to machine learning.

The memory 2502 may include one or more computer-readable storage media, which may be non-transitory. The memory 2502 may also include high-speed random access memory and non-volatile memory, such as one or more disk storage devices or flash memory devices.

In some embodiments, the terminal 2500 may also optionally include a peripheral device interface 2503 and at least one peripheral device. The processor 2501, memory 2502, and peripheral device interface 2503 can be connected via a bus or signal line. Each peripheral device can be connected to the peripheral device interface 2503 via a bus, signal line, or circuit board. Specifically, the peripheral device may include at least one of a display screen 2504, audio circuitry 2505, communication interface 2506, and power supply 2507.

Those skilled in the art will understand that the structure shown in FIG25 does not constitute a limitation on the terminal 2500, and may include more or fewer components than shown, or combine certain components, or use different component arrangements.

Please refer to Figure 26, which shows a schematic diagram of the structure of a server 2600 provided in one embodiment of this application. This server 2600 can be used to implement the server-side network security inspection method provided in the above embodiments. The server 2600 can be the server 30 described in the implementation environment shown in Figure 1. Specifically:

The server 2600 includes a central processing unit (CPU) 2601, a system memory 2604 including RAM (Random Access Memory) 2602 and ROM (Read-Only Memory) 2603, and a system bus 2605 connecting the system memory 2604 and the CPU 2601. The server 2600 also includes a basic input/output system (I/O system) 2606 to facilitate information transfer between various devices within the computer, and a mass storage device 2607 for storing the operating system 2613, application programs 2614, and other program modules 2615.

The basic input/output system 2606 includes a display 2608 for displaying information and an input device 2609 for user input, such as a mouse or keyboard. Both the display 2608 and the input device 2609 are connected to the central processing unit 2601 via an input/output controller 2610 connected to the system bus 2605. The basic input/output system 2606 may also include the input/output controller 2610 for receiving and processing input from multiple other devices such as a keyboard, mouse, or electronic stylus. Similarly, the input/output controller 2610 also provides output to a display screen, printer, or other types of output devices.

The mass storage device 2607 is connected to the central processing unit 2601 via a mass storage controller (not shown) connected to the system bus 2605. The mass storage device 2607 and its associated computer-readable media provide non-volatile storage for the server 2600. That is, the mass storage device 2607 may include computer-readable media (not shown) such as a hard disk or a CD-ROM (Compact Disc Read-Only Memory) drive.

Without loss of generality, the computer-readable medium may include computer storage media and communication media. Computer storage media include volatile and non-volatile, removable and non-removable media implemented using any method or technology for storing information such as computer-readable instructions, data structures, program modules, or other data. Computer storage media include RAM, ROM, EPROM (Erasable Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory or other solid-state storage devices, CD-ROM, DVD (Digital Versatile Disc) or other optical storage, magnetic tape cassettes, magnetic tape, disk storage, or other magnetic storage devices. Of course, those skilled in the art will recognize that the computer storage media are not limited to the above-mentioned types. The system memory 2604 and mass storage device 2607 described above can be collectively referred to as memory.

According to various embodiments of this application, the server 2600 can also be connected to a remote computer on a network, such as the Internet. That is, the server 2600 can be connected to the network 2612 via the network interface unit 2611 connected to the system bus 2605, or the network interface unit 2611 can be used to connect to other types of networks or remote computer systems (not shown).

The memory also includes one or more programs stored in the memory and configured to be executed by one or more processors. These programs contain instructions for implementing the aforementioned server-side network security inspection method.

In an exemplary embodiment, a terminal is also provided, the terminal including a processor and a memory, the memory storing at least one instruction, at least one program, code set, or instruction set. The at least one instruction, at least one program, code set, or instruction set is configured to be executed by one or more processors to implement the aforementioned network security inspection method on the terminal side.

In an exemplary embodiment, a server is also provided, the server including a processor and a memory, the memory storing at least one instruction, at least one program, code set, or instruction set. The at least one instruction, at least one program, code set, or instruction set is configured to be executed by one or more processors to implement the aforementioned server-side network security inspection method.

In an exemplary embodiment, a computer-readable storage medium is also provided, which stores at least one instruction, at least one program, code set, or instruction set, wherein the at least one instruction, the at least one program, the code set, or the instruction set implements the above-described network security inspection method on the terminal side when executed by the processor of a terminal.

In an exemplary embodiment, a computer-readable storage medium is also provided, wherein at least one instruction, at least one program, code set, or instruction set is stored therein, wherein the at least one instruction, the at least one program, the code set, or the instruction set implements the above-described server-side network security inspection method when executed by a server's processor.

In an exemplary embodiment, a computer program product or computer program is also provided, which includes computer instructions stored in a computer-readable storage medium. The processor of the terminal reads the computer instructions from the computer-readable storage medium and executes the computer instructions, causing the terminal to perform the aforementioned terminal-side network security inspection method.

In an exemplary embodiment, a computer program product or computer program is also provided, which includes computer instructions stored in a computer-readable storage medium. The server's processor reads the computer instructions from the computer-readable storage medium and executes the computer instructions, causing the server to perform the aforementioned server-side network security inspection method.

It should be understood that "multiple" as mentioned herein refers to two or more. Furthermore, the step numbers described herein are merely illustrative of one possible order of execution. In some other embodiments, the steps may not be executed in numerical order, such as two steps with different numbers being executed simultaneously, or two steps with different numbers being executed in the reverse order of the illustration. This application does not limit this practice.

The above description is merely an exemplary embodiment of this application and is not intended to limit this application. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of this application should be included within the protection scope of this application.

Claims (18)

1. A network security inspection method, characterized in that the method includes: A project management interface is displayed in a sub-application, which includes options for at least one inspection project. The sub-application is a program that depends on the parent application to run. Obtain the inspection execution instruction for the target inspection item in the at least one inspection item; Send an inspection execution request to the server, the inspection execution request being used to request the execution of a network security inspection related to the target inspection item; Receive the inspection results of the target inspection item from the server; The inspection results are displayed in the sub-application. 2. The method according to claim 1, wherein obtaining the inspection execution instruction for the target inspection item in the at least one inspection item includes: Receive an inspection initiation command for the options of the target inspection item; Displays the inspection submission interface corresponding to the target inspection item; Obtain the inspection parameters submitted in the inspection submission interface. The inspection parameters are used to perform network security inspection on the target network address. Upon receiving a submission instruction for the inspection parameters, confirm that an inspection execution instruction for the target inspection item has been obtained; The inspection execution request includes the inspection parameters. 3. The method according to claim 2, wherein the inspection submission interface includes a network address input box and a test case selection list, the test case selection list includes at least one test case, the test case being used to indicate the attack type when performing network security inspection; The step of obtaining the inspection parameters submitted in the inspection submission interface includes: Obtain the target network address entered in the network address input box; Obtain the target test case selected from the test case selection list, wherein the target test case includes at least one test case; The inspection parameters include the target network address and the target test case. 4. The method according to claim 1, wherein displaying the inspection results in the sub-application includes: The sub-application displays a results query interface, which includes an option for at least one historical inspection record of the target inspection item. Receive a viewing instruction for the option of the target historical inspection record, wherein the target historical inspection record is the historical inspection record corresponding to the inspection result; The report display interface is shown in the sub-application; The inspection report corresponding to the inspection results is displayed in the report display interface. 5. The method according to claim 1, characterized in that, after sending the inspection execution request to the server, it further includes: Play the setup animation; After the set animation finishes playing, a query request is sent to the server. The query request is used to request at least one historical inspection record of the target inspection item. Receiving the inspection results of the target inspection item from the server includes: Receive at least one historical inspection record of the target inspection item from the server. 6. The method according to claim 1, wherein the project management interface further includes a project creation control, the project creation control being used to create a new inspection project; After displaying the project management interface in the sub-application, the following is also included: Receive a project creation instruction for the project creation control and display the project creation interface; Retrieve project information for new inspection projects submitted in the project creation interface; Send a project approval request to the server. The project approval request is used to request approval for the new inspection project. The project approval request includes the project information of the new inspection project. Receive the project approval result of the new inspection project from the server; The project approval results are displayed in the project management interface. 7. The method according to claim 6, characterized in that, after receiving the project approval result of the new inspection project from the server, it further includes: Obtain the various fields contained in the project approval result, wherein the fields include at least one of the following: project approval time, project approver, and project review result; Fill in each of the aforementioned fields into the project approval result notification message template to generate the project approval result notification message; The project approval result notification message is displayed in the parent application. 8. The method according to claim 1, characterized in that, after displaying the project management interface in the sub-application, it further includes: Obtain the project renewal instruction for the options of the target inspection item; Send a project renewal request to the server, the project renewal request being used to request an extension of the validity period of the target inspection project; Receive the project renewal result of the target inspection project from the server; The project renewal results are displayed in the project management interface. 9. The method according to any one of claims 1 to 8, characterized in that, before displaying the project management interface in the sub-application, it further includes: Display the homepage interface of the sub-application, which includes a login control; Receive a confirmation instruction for the login control and display a user login interface. The user login interface includes an agree control and a refuse control. The agree control is used to authorize the sub-application to log in to the user account information corresponding to the parent application, and the refuse control is used to refuse to authorize the sub-application to log in to the user account information corresponding to the parent application. In response to receiving a confirmation instruction for the consent control, the step of displaying the project management interface in the sub-application is performed. 10. A network security inspection method, characterized in that the method includes: Receive an inspection execution request from a sub-application in the applicant's client, wherein the sub-application is a program that depends on the parent application to run, and the inspection execution request is used to request the execution of a network security inspection related to the target inspection project; Send an attack test request to the cloud platform. The attack test request includes the inspection parameters of the target inspection item. The inspection parameters are used to perform network security inspection on the target network address. Receive the inspection results of the target inspection project from the cloud platform; The inspection results are sent to the sub-application in the applicant's client. 11. The method according to claim 10, wherein receiving the inspection result of the target inspection project from the cloud platform includes: Send a result query request to the cloud database in the cloud platform. The result query request includes the identifier of the target inspection item. The cloud database stores the inspection results of at least one inspection item. Receive the inspection results of the target inspection project from the cloud database. 12. The method according to claim 10, characterized in that, after receiving the inspection execution request from the sub-application in the applicant's client, it further includes: Receive a query request from a sub-application in the applicant's client, the query request being used to request at least one historical inspection record of the target inspection project; Receiving the inspection results of the target inspection project from the cloud platform includes: Forward the query request to the cloud database in the cloud platform; Receive at least one historical inspection record of the target inspection project from the cloud database; Sending the inspection results to the sub-application in the applicant's client includes: Send at least one historical inspection record of the target inspection item to the sub-application in the applicant's client. 13. The method according to claim 10, characterized in that the method further comprises at least one of the following: The system receives a project approval request from a sub-application in the applicant's client, the project approval request being used to request approval for a new inspection project, the project approval request including project information of the new inspection project; sends project approval information to the sub-application in the approver's client, the project approval information including project information of the new inspection project; receives a project approval result from the sub-application in the approver's client; and sends the project approval result to the sub-application in the applicant's client. The system receives a project renewal request from a sub-application in the applicant's client, the project renewal request being used to request an extension of the validity period of the target inspection project; sends project renewal information, including project information of the target inspection project, to the sub-application in the approver's client; receives a project renewal result from the sub-application in the approver's client; and sends the project renewal result to the sub-application in the applicant's client. 14. The method according to any one of claims 10 to 13, characterized in that, before receiving the query request from the sub-application in the applicant's client, it further comprises: Receive an account information retrieval request from a sub-application in the applicant's client, the account information retrieval request being used to request the user account information corresponding to the applicant's client; Obtain the user account information corresponding to the applicant's client; Send the user account information to the sub-application in the applicant's client. 15. A network security inspection device, characterized in that the device comprises: The interface display module is used to display a project management interface in a sub-application, the project management interface including at least one inspection item option, the sub-application being a program that depends on the parent application to run; The instruction acquisition module is used to acquire the inspection execution instruction for the target inspection item in the at least one inspection item; The request sending module is used to send an inspection execution request to the server, wherein the inspection execution request is used to request the execution of a network security inspection related to the target inspection item; The result receiving module is used to receive the inspection results of the target inspection item from the server. The results display module is used to display the inspection results in the sub-application. 16. A network security inspection device, characterized in that the device comprises: The request receiving module is used to receive inspection execution requests from sub-applications in the requester's client. The sub-applications are programs that depend on the parent application to run. The inspection execution requests are used to request the execution of network security inspections related to the target inspection project. The request sending module is used to send an attack test request to the cloud platform. The attack test request includes the inspection parameters of the target inspection item. The inspection parameters are used to perform network security inspection on the target network address. The result receiving module is used to receive the inspection results of the target inspection project from the cloud platform. The result sending module is used to send the inspection results to the sub-application in the applicant client. 17. A computer device, characterized in that the computer device includes a processor and a memory, the memory storing at least one instruction, at least one program, a code set or an instruction set, wherein the at least one instruction, the at least one program, the code set or the instruction set is loaded and executed by the processor to implement the network security inspection method as described in any one of claims 1 to 9, or to implement the network security inspection method as described in any one of claims 10 to 14. 18. A computer-readable storage medium, characterized in that the storage medium stores at least one instruction, at least one program, a code set, or an instruction set, wherein the at least one instruction, the at least one program, the code set, or the instruction set is loaded and executed by a processor to implement the network security inspection method as described in any one of claims 1 to 9, or to implement the network security inspection method as described in any one of claims 10 to 14.