Web application honeypots are security tools used to act as a decoy server. Over the past decades, various researches have been done on the topic. Security breaches can cause simple individual user account impersonation to bank database breaches and illegal transactions. Cybersecurity faces the daily challenge of adapting to attackers' evolving methods, including zero-day attacks. This makes intrusion detection and prevention tools unable to detect these attacks. The existing trend within the honeypot technology relies on a predefined and static level of interaction either low, medium, or high. This approach fails to account for the unpredictable nature of attack vectors and makes web application honeypots ineffective against sophisticated attacks. Application logging and request fingerprinting also have no proven methods to employ within a honeypot. A dynamic level of interaction makes the web application honeypot technology better by presenting scalable and manageable control over the attackers. We develop a modular and dynamically interactive web application honeypot capable of detecting broken access control, standard query language injection, cross-site scripting, and path traversal attack targets for web apps. We also incorporate a robust logging and fingerprinting module capable of tracing attacker requests. The proposed web application honeypot achieves an average response time of 523 milliseconds, a throughput of 105 requests per second, and an average engagement of 769.38 seconds. Improving the web application Honeypot helps organizations keep themselves ahead of attackers by empowering the significance of Honeypot. Developing a web application honeypot with a newly designed approach helps other scholars and researchers extend their work.

Honeypots are effective network security systems built to study the tactics of attackers and their intents. In this paper, we deployed Kippo honeypot to analyze Secure Shell attacks. Both the dictionary attack and intrusion activities of attackers have been discussed. We collected usernames and passwords that are attempted by dictionary attack targeting Secure Shell service. We have traced the frequently attacking machines based on their IP addresses. We have also recorded the commands they executed after successful logins to the Secure Shell honeypot server. We logged vast amount of connection requests destined to number of ports originated from different locations of the world. From our honeypot system, we have collected attack data that enables us to learn common Secure Shell based attacks.