Systems and methods are described for use in evaluating an application for security risks related to integer overflow conditions in conjunction with memory allocations. The evaluation includes finding a relationship between data input to the application and memory allocation requests made by the application. Having established the relationship, a memory allocation-requesting module within the application is tested, using input data selected using the relationship.