diff --git a/testing/btest/scripts/policy/protocols/http/sql-injection-plus-dvwa.zeek b/testing/btest/scripts/policy/protocols/http/sql-injection-plus-dvwa.zeek
new file mode 100644
index 0000000000..ed24b32ff6
--- /dev/null
+++ b/testing/btest/scripts/policy/protocols/http/sql-injection-plus-dvwa.zeek
@@ -0,0 +1,13 @@
+# @TEST-EXEC: zeek -C -r $TRACES/http/cooper-grill-dvwa.pcapng -b %INPUT >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: zeek-cut -m uid method host uri tags < http.log > http.log.cut
+# @TEST-EXEC: btest-diff http.log.cut
+
+@load base/protocols/http
+@load protocols/http/detect-sqli
+
+event connection_state_remove(c: connection)
+	{
+	if ( c?$http )
+		print c$uid, c$id, cat(c$http$tags);
+	}