Securing Applications with Checkmarx

Overview

In today’s DevSecOps environments, security testing can’t wait until production. Securing Applications with Checkmarx + ZAP teaches you how to integrate dynamic application security testing (DAST) directly into your development pipeline and make sense of the results. Through realistic, scenario-based labs, you’ll deploy and automate OWASP ZAP scans, interpret vulnerability reports, tune alert filters, and verify remediation through hands-on experimentation. You’ll also learn to synthesize technical findings into executive-level insights using simple frameworks like “What / So What / Now What. This course is designed for developers, DevSecOps engineers, QA testers, and security professionals who want to embed application security testing into continuous delivery workflows. It’s also well-suited for learners transitioning into application security roles or teams looking to improve scan accuracy, reduce noise, and automate security validation. Learners should have a basic understanding of DAST, SAST, and common application vulnerabilities, along with foundational knowledge of secure coding practices. Experience with CI/CD pipelines, containers, or developer tools is helpful but not required. By the end of this course, you’ll be able to confidently design, run, and communicate automated security scans that transform raw data into actionable intelligence—strengthening both your applications and your organization’s overall security posture.

Syllabus

Building the Security Foundation: Integrating Scanners into the Dev Pipeline

This module introduces the fundamentals of Dynamic Application Security Testing (DAST) and shows how to integrate OWASP ZAP and Checkmarx DAST into a CI/CD workflow. Learners will deploy, configure, and automate baseline scans against a running web app, interpret basic results, and use those findings to drive early security conversations in development.

Beyond the Alerts: Interpreting, Tuning, and Validating ZAP Results

This module moves from simple scanning to analysis and precision. Learners will analyze ZAP results, differentiate between true and false positives, and tune alert filters for meaningful signal. They will then remediate vulnerabilities, re-scan to verify fixes, and document evidence of secure coding improvements.

Scaling Security Intelligence: Continuous Improvement and Reporting

The final module focuses on scaling and communicating application security insights. Learners will design automated reporting pipelines, evaluate vulnerability trends across builds, and create executive-ready summaries using ZAP reports and dashboard data. The emphasis is on converting raw findings into actionable intelligence and measurable business value.