We created a “Game of Hacks” – a viral web app marketed as a tool to train developers on secure coding – with the intention of building a honeypot. During a 6-month timeframe, we witnessed each attack that came at this game, secured the app against it and studied how attackers adapted to the mitigation measures. The lessons learned can be applied to any web app introduced into the organization.