Commit

Update README.md
jensvoid committed Jul 2, 2013
1 parent 0db5606 commit ac47d5e
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion README.md
@@ -1,7 +1,7 @@
## LORG
### A tool for advanced HTTPD logfile security analysis and forensics

Web server log files are the primary source of information to reconstruct the course of events you got pwned due to vulnerable web applications. However, extracting the relevant information from huge files can be a difficult task. LORG is a tool aimed at security professionals and administrators to simplify the job of finding the `needle in a haystack' (aka vulnerable web application) in a scenario of post-attack forensics. It aims to implement various state of the art approaches to detect attacks against web applications within HTTP traffic logs (e.g. Apache's `access_log`), including signature-based, statistical and machine learning techniques. Detected incidents are subsequently grouped into sessions which are classified as 'hand-crafted' or automated to distinguish whether the attacker is a man or a machine. In addition, geoIP- and DNSBL lookups can be performed to see if the attacks originate from a certain geolocation or botnet. Furthermore attacks can be quantified in terms of success or failure, based on anomalies within the size of HTTP responses, HTTP response codes or active replay of suspicious requests.
Web server log files are the primary source of information to reconstruct the course of events you got pwned due to vulnerable web applications. However, extracting the relevant information from huge files can be a difficult task. LORG is a tool aimed at security professionals and administrators to simplify the job of finding the 'needle in a haystack' (aka vulnerable web application) in a scenario of post-attack forensics. It aims to implement various state of the art approaches to detect attacks against web applications within HTTP traffic logs (e.g. Apache's `access_log`), including signature-based, statistical and machine learning techniques. Detected incidents are subsequently grouped into sessions which are classified as 'hand-crafted' or automated to distinguish whether the attacker is a man or a machine. In addition, geoIP- and DNSBL lookups can be performed to see if the attacks originate from a certain geolocation or botnet. Furthermore attacks can be quantified in terms of success or failure, based on anomalies within the size of HTTP responses, HTTP response codes or active replay of suspicious requests.

**Pre-alpha. Previously developed as [WebForensik](http://sourceforge.net/projects/webforensik/).**

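Review bot: The one-character change on the long paragraph line is correct: the original opened the phrase with a backtick and closed it with an apostrophe (`needle in a haystack'), and a lone backtick in Markdown starts an inline code span, so the rendered README would have shown a stray code-span marker; the new line uses matching straight quotes ('needle in a haystack'). Since the whole line is being rewritten anyway, the same edit could also hyphenate "state of the art approaches" to "state-of-the-art approaches", drop the dangling hyphen in "geoIP- and DNSBL lookups" (or write "geoIP and DNSBL lookups"), and add a comma after "Furthermore"; those remain in the added line.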