ANOVUL: Detection of Logic Vulnerabilities in Annotated Programs via Data and Control Flow Analysis
IET Information Security (IF 1.4), Pub Date: 2020-05-01, DOI: 10.1049/iet-ifs.2018.5615
Mahmoud Ghorbanzadeh, Hamid Reza Shahriari

Logic vulnerabilities are largely dependent on the expected functions of web applications. Their appearance depends on both application logic and the related security policy, which may change based on modifications in business requirements. Accordingly, there are no specific and common patterns for logic vulnerabilities; moreover, a security policy is required for their detection. In this study, a vulnerability detection method is proposed to detect logic vulnerabilities by analysing the program source code. Security checks enforce some constraints in the application so that the application behaves according to the logic intended by the programmer. The main goal is to find the vulnerabilities caused by bypassing some security checks. In this method, known as the annotation-based vulnerability detection approach (ANOVUL), control and data flows are analysed to detect the application logic vulnerabilities. To analyse the flows of the program, access control and authenticity labelling are used. To evaluate ANOVUL, the authors have collected a data set. This comprises PHP applications with reported logic vulnerabilities that have common vulnerabilities and exposures (CVE) identifiers. Based on the results, a 73% detection rate was achieved in the data set. The proposed method can detect logic vulnerabilities that are not detectable using conventional methods.

Updated: 2020-05-01