Saved in:
Bibliographic Details
Main Authors: Wang, Meng, Görz, Philipp, Schilling, Joschua, Hassler, Keno, Guo, Liwei, Holz, Thorsten, Abbasi, Ali
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2512.20705
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866917169319641088
author Wang, Meng
Görz, Philipp
Schilling, Joschua
Hassler, Keno
Guo, Liwei
Holz, Thorsten
Abbasi, Ali
author_facet Wang, Meng
Görz, Philipp
Schilling, Joschua
Hassler, Keno
Guo, Liwei
Holz, Thorsten
Abbasi, Ali
contents Detecting business logic vulnerabilities is a critical challenge in software security. These flaws come from mistakes in an application's design or implementation and allow attackers to trigger unintended application behavior. Traditional fuzzing sanitizers for dynamic analysis excel at finding vulnerabilities related to memory safety violations but largely fail to detect business logic vulnerabilities, as these flaws require understanding application-specific semantic context. Recent attempts to infer this context, due to their reliance on heuristics and non-portable language features, are inherently brittle and incomplete. As business logic vulnerabilities constitute a majority (27/40) of the most dangerous software weaknesses in practice, this is a worrying blind spot of existing tools. In this paper, we tackle this challenge with ANOTA, a novel human-in-the-loop sanitizer framework. ANOTA introduces a lightweight, user-friendly annotation system that enables users to directly encode their domain-specific knowledge as lightweight annotations that define an application's intended behavior. A runtime execution monitor then observes program behavior, comparing it against the policies defined by the annotations, thereby identifying deviations that indicate vulnerabilities. To evaluate the effectiveness of ANOTA, we combine ANOTA with a state-of-the-art fuzzer and compare it against other popular bug finding methods compatible with the same targets. The results show that ANOTA+FUZZER outperforms them in terms of effectiveness. More specifically, ANOTA+FUZZER can successfully reproduce 43 known vulnerabilities, and discovered 22 previously unknown vulnerabilities (17 CVEs assigned) during the evaluation. These results demonstrate that ANOTA provides a practical and effective approach for uncovering complex business logic flaws often missed by traditional security testing techniques.
format Preprint
id arxiv_https___arxiv_org_abs_2512_20705
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Anota: Identifying Business Logic Vulnerabilities via Annotation-Based Sanitization
Wang, Meng
Görz, Philipp
Schilling, Joschua
Hassler, Keno
Guo, Liwei
Holz, Thorsten
Abbasi, Ali
Cryptography and Security
Detecting business logic vulnerabilities is a critical challenge in software security. These flaws come from mistakes in an application's design or implementation and allow attackers to trigger unintended application behavior. Traditional fuzzing sanitizers for dynamic analysis excel at finding vulnerabilities related to memory safety violations but largely fail to detect business logic vulnerabilities, as these flaws require understanding application-specific semantic context. Recent attempts to infer this context, due to their reliance on heuristics and non-portable language features, are inherently brittle and incomplete. As business logic vulnerabilities constitute a majority (27/40) of the most dangerous software weaknesses in practice, this is a worrying blind spot of existing tools. In this paper, we tackle this challenge with ANOTA, a novel human-in-the-loop sanitizer framework. ANOTA introduces a lightweight, user-friendly annotation system that enables users to directly encode their domain-specific knowledge as lightweight annotations that define an application's intended behavior. A runtime execution monitor then observes program behavior, comparing it against the policies defined by the annotations, thereby identifying deviations that indicate vulnerabilities. To evaluate the effectiveness of ANOTA, we combine ANOTA with a state-of-the-art fuzzer and compare it against other popular bug finding methods compatible with the same targets. The results show that ANOTA+FUZZER outperforms them in terms of effectiveness. More specifically, ANOTA+FUZZER can successfully reproduce 43 known vulnerabilities, and discovered 22 previously unknown vulnerabilities (17 CVEs assigned) during the evaluation. These results demonstrate that ANOTA provides a practical and effective approach for uncovering complex business logic flaws often missed by traditional security testing techniques.
title Anota: Identifying Business Logic Vulnerabilities via Annotation-Based Sanitization
topic Cryptography and Security
url https://arxiv.org/abs/2512.20705