The DShield project has been providing the information security industry with early attack warning data for over 8 years. The project has recently been expanding its detection scope to web application attacks. Volunteers deploy web honeypots distributed around the globe. These honeypots collect full log details (including HTTP request headers and body) for DShield to archive and analyze. This presentation will share and discuss the goals and architecture, as well as the experience gained in designing and implementing the distributed honeypot application, along with demonstrations of some of the more interesting results obtained. Audience members will be encouraged to participate and contribute to the project.