AI-Driven Annotation Generation for Complex Business Logic
In contemporary software development, developers have access to a wide array of tools for vulnerability assessment, ranging from Static Application Security Testing (SAST) to Dynamic Application Security Testing (DAST). While these tools are highly effective at identifying common security flaws, they often fail to address a critical area: business logic vulnerabilities. Even with robust scanning, a system remains exposed if its underlying logic permits invalid operations — such as adding a negative quantity of items to a shopping cart — which standard security scanners do not flag as malicious.
The ANOTA system addresses these logical inconsistencies by enabling the integration of specific annotations directly into source code. These annotations monitor logic constraints at runtime to ensure they are not violated. However, manually defining such annotations places a significant burden on developers.
The primary objective of this thesis is to investigate the extent to which Artificial Intelligence can automate the generation of ANOTA annotations, reducing the need for manual developer effort. This encompasses an evaluation of AI feasibility across different annotation types, as well as an analysis of how varying degrees of contextual information influence the quality of the generated output.
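As an added illustration of the runtime-constraint idea described above, the following example (written for this page; it is not ANOTA's own annotation syntax, and the `constraint` decorator, `Cart` class and `ConstraintViolation` name are assumptions) shows how an annotation attached to a method can reject the negative-quantity case that a SAST or DAST scanner would not flag:

```python
import functools
import inspect


class ConstraintViolation(Exception):
    """Raised when an annotated business rule is violated at runtime."""


def constraint(predicate, message):
    """Annotate a function with a business rule checked on every call.

    The predicate receives the call's bound arguments by name, so the
    rule can be written in terms of the function's own parameters.
    """
    def decorator(func):
        sig = inspect.signature(func)

        @functools.wraps(func)
        def wrapper(*args, **kwargs):
            bound = sig.bind(*args, **kwargs)
            bound.apply_defaults()
            if not predicate(**bound.arguments):
                raise ConstraintViolation(f"{func.__qualname__}: {message}")
            return func(*args, **kwargs)
        return wrapper
    return decorator


class Cart:
    """Constructed shopping cart used only to exercise the annotations."""

    def __init__(self):
        self.items = {}

    # Business rule: a line quantity must be positive.
    @constraint(lambda self, sku, qty: qty > 0, "quantity must be positive")
    def add_item(self, sku, qty):
        self.items[sku] = self.items.get(sku, 0) + qty
        return self.items[sku]

    # Business rule: no price used for the total may be negative.
    @constraint(lambda self, prices: all(p >= 0 for p in prices.values()),
                "prices must be non-negative")
    def total(self, prices):
        return sum(prices[sku] * qty for sku, qty in self.items.items())


def demo():
    """Valid add succeeds; a negative quantity is caught before it changes state."""
    cart = Cart()
    cart.add_item("widget", 2)
    try:
        cart.add_item("widget", -3)   # would silently lower the bill without the check
        caught = False
    except ConstraintViolation:
        caught = True
    return cart.items["widget"], caught
```

Running `demo()` returns `(2, True)`: the cart still holds two widgets and the violation was raised instead of applied.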