Lessons Learned from SunDEW: A Self Defense Environment for Web Applications