Update README.md with minor wording edits

contentauth · Oct 7, 2023 · e430e43 · e430e43
1 parent ffc32a0
commit e430e43
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -24,9 +24,9 @@ Page contents:
 
 ## Overview
 
-The C2PA Attacks Tool, `c2pa-attacks`, performs security testing on a Content Credentials application (an application that uses the CAI SDKs and tools). The tool generates images with associated C2PA manifest stores to test the application for security vulnerabilities such as cross-site scripting. It takes a file of attack strings, adds each string into the designated manifest field, and produces a corresponding malicious C2PA image for testing. The tool does not automatically check to see if the attack was successful.
+The C2PA Attacks Tool, `c2pa-attacks`, performs security testing on a Content Credentials application (an application that uses the CAI SDKs and tools). The tool generates images with associated C2PA manifest stores to test the application for security vulnerabilities such as cross-site scripting and injection attacks against the file parser. It takes a file of attack strings, adds each string into the designated manifest field, and produces a corresponding malicious C2PA image for testing. The tool does not automatically check to see if the attack was successful.
 
-This tool facilitates security testing early in the development cycle of Content Credentials applications. For such applications, often the first step in processing an asset is to validate the signature and reject any whose public key is not from a trusted CA. That said, it is still good to test the parsers since hackers could find ways to get unexpected data into C2PA manifest fields. In addition, it is conceivable that a Content Credentials application could parse manifest data without validating the certificate. Therefore, it is critical that the application safely handles unexpected input.
+This tool facilitates security testing early in the development cycle of Content Credentials applications. For such applications, often the first step in processing an asset is to validate the signature and reject any whose public key is not from a trusted CA. That said, it is still good to test the parsers since malicious adversaries could find ways to get unexpected data into C2PA manifest fields. In addition, it is conceivable that a Content Credentials application could parse manifest data without validating the certificate. Therefore, it is critical that the application safely handles unexpected input.
 
 Each Content Credentials application has its own unique behavior and technology stack. Therefore, this tool provides a framework that you can customize for your specific needs.  The files provided with this tool are examples for initial experimentation. You will need to create customized attack files for your specific environment. Refer to the [appendix](docs/appendix.md) for information on how to cover more file types, more injections, and other forms of code coverage.