Context.
Currently I have a honeypot that runs static html page and all POST request are captured and username and password field is extracted to send an alert on attack.
Problem?
Now I want more functions to it, I don’t want to run container based solutions cause I want to scale it. Possible solution I had to get all requests process it through set of rules and realize if it is XSS, CSRF, Injection etc etc. But this has some limitations that zero days might slip by. Any suggestions? On how to setup web honeypots to catch all sort of attacks?