Test a SQL Injection Attack against the Arcadia Finance App

  1. Before you enable the App Protect service, attempt a SQL injection attack on the Arcadia Finance app. In Firefox, open a new tab, then click the Arcadia Finance (DIY) bookmark or navigate to https://diy.arcadia-finance.io/.
  1. Click the Login button to load the login screen.
  1. You will see the Arcadia Finance application login screen.
  1. For the username, type or paste the following value:
' or 1=1-- '

and click Log me in.

  1. You should be immediately returned to the empty login prompt. While your SQL injection was not successful in logging into the system, the attempt was not blocked. We’ll enable the App Protect WAF policy and re-attempt the injection to confirm that protection is enforced as you progress through the lab.
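
To show why this username value is worth blocking at the WAF, the following added example (not part of the lab and not the Arcadia Finance code) runs it against a hypothetical login backed by an in-memory SQLite table. The table, the account and the function names are assumptions made for illustration; the example compares a query built by string concatenation with a parameterized one.

```python
import sqlite3

PAYLOAD = "' or 1=1-- '"  # the username value typed in the step above


def make_db():
    """Build a constructed, in-memory user table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Constructed sample account; a real app would store a password hash.
    db.execute("INSERT INTO users VALUES ('alice', 'constructed-secret')")
    return db


def login_concatenated(db, username, password):
    """Vulnerable pattern: user input is spliced into the SQL text."""
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return query, db.execute(query).fetchall()


def login_parameterized(db, username, password):
    """Hardened pattern: input is bound as data and never parsed as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return query, db.execute(query, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for login in (login_concatenated, login_parameterized):
        query, rows = login(db, PAYLOAD, "anything")
        print(login.__name__)
        print("  SQL text :", query)
        print("  rows     :", rows)
    # In the concatenated query the quote closes the string literal,
    # "or 1=1" makes the WHERE clause true for every row, and "--"
    # comments out the password check, so a row comes back without
    # valid credentials. The parameterized query compares the whole
    # payload to the username column as a literal and matches nothing.
```

A WAF policy that blocks this request protects the application even when a concatenated query like the first one exists behind it; parameterized queries remove the flaw at the source.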