Nowadays, web applications have become most prevailing in the industry, and the critical data of most organizations are stored using web apps. Thus, web applications pose a large target for assorted cyber-attacks. As mitigation for them, among many proposed solutions, web application honeypots are much sophisticated and robust protection.

In this paper, we propose a low interaction, adaptive, and dynamic web application honeypot that imitates the vulnerabilities through HTTP events. The honeypot is built with SNARE and TANNER; SNARE devises the attack surface and sends the requests to TANNER, which evaluates them and determines how SNARE should respond to the requests. TANNER is an analysis and classification tool, which analyses and evaluates HTTP requests served by SNARE, and composes a dynamic response by its emulation engine. The honeypot works abreast major complex vulnerabilities, deceiving the attacker by lying under the surface of a real web application.