DEEEP

DEEEP is a open source static analysis tool to detect, in C programs, integer vulnerabilities caused by the bad adaption of aplications from ILP32 to LP64. It uses the tools Lint and Splint, and runs over Open Solaris and Linux operating systems.

This tool semantically analyses source code. More precisely, it does type checking, data-flow analysis, and it automatically correlates the results of these two types of analysis. Type checking is used for finding bugs on the way integers are handled, and data-flow analysis is used to see if hazardous functions (eg. memcpy, strcpy) are accessible from outside the program.

After this two analyses, the tool correlates the results from the previous phases to attain if the data that comes from the inputs are affected by vulnerabilities from porting to LP64, and if these are handled by dangerous functions (memcpy, strcpy,...). In resume, identify if the found bugs

Features

Integer Vulnerabilities
Static Analysis
Portability from 32 bits to 64 bits

Project Activity

See All Activity >

License

GNU General Public License version 2.0 (GPLv2)

Follow DEEEP

DEEEP Web Site

Other Useful Business Software

AI-generated apps that pass security review

Stop waiting on engineering. Build production-ready internal tools with AI—on your company data, in your cloud.

Retool lets you generate dashboards, admin panels, and workflows directly on your data. Type something like “Build me a revenue dashboard on my Stripe data” and get a working app with security, permissions, and compliance built in from day one. Whether on our cloud or self-hosted, create the internal software your team needs without compromising enterprise standards or control.

Try Retool free

Rate This Project

User Reviews

Be the first to post a review of DEEEP!

Additional Project Details

Operating Systems

Linux, Solaris

Intended Audience

Security Professionals

User Interface

Console/Terminal

Programming Language

C, Perl

Related Categories

Perl Security Software, Perl Source Code Analysis Tool, C Security Software, C Source Code Analysis Tool

Registered

2014-03-02

Similar Business Software

Aikido Security

Secure your code, cloud, and runtime in one central system. Aikido’s all-in-one security platform is loved by developers and security teams alike with full security visibility, insight in what matters most, and fast/automatic vulnerability fixes. Teams get security done with Aikido thanks...

See Software
Parasoft

Parasoft helps organizations continuously deliver high-quality software with its AI-powered software testing platform and automated test solutions. Supporting embedded and enterprise markets, Parasoft’s proven technologies reduce the time, effort, and cost of delivering secure, reliable, and...

See Software
Twilio

Design and deploy your ideal customer engagement experience. Twilio is a single fully-programmable platform with flexible APIs for any channel and over 400+ integrations, backed by a community of over 9 million developers. Build accurate and personalized experiences for your customers, easily...

See Software
Windsurf Editor

The Windsurf Editor is a free AI-powered IDE and AI coding assistant that accelerates development by providing intelligent code generation and agents in over 70 programming languages and more than 40 IDEs, including VSCode, JetBrains, and Jupyter Notebooks. With Windsurf, developers can write...

See Software
Apify

Apify is a full-stack web scraping and automation platform helping anyone get value from the web. At its core is Apify Store, a marketplace with over 10,000 Actors where developers build, publish, and monetize automation tools. Actors are serverless cloud programs that extract data, automate...

See Software
New Relic

There are an estimated 25 million engineers in the world across dozens of distinct functions. As every company becomes a software company, engineers are using New Relic to gather real-time insights and trending data about the performance of their software so they can be more resilient and...

See Software