Securing Applications with Checkmarx

In today’s DevSecOps environments, security testing can’t wait until production. Securing Applications with Checkmarx + ZAP teaches you how to integrate dynamic application security testing (DAST) directly into your development pipeline and make sense of the results. Through realistic, scenario-based labs, you’ll deploy and automate OWASP ZAP scans, interpret vulnerability reports, tune alert filters, and verify remediation through hands-on experimentation. You’ll also learn to synthesize technical findings into executive-level insights using simple frameworks like “What / So What / Now What. This course is designed for developers, DevSecOps engineers, QA testers, and security professionals who want to embed application security testing into continuous delivery workflows. It’s also well-suited for learners transitioning into application security roles or teams looking to improve scan accuracy, reduce noise, and automate security validation. Learners should have a basic understanding of DAST, SAST, and common application vulnerabilities, along with foundational knowledge of secure coding practices. Experience with CI/CD pipelines, containers, or developer tools is helpful but not required. By the end of this course, you’ll be able to confidently design, run, and communicate automated security scans that transform raw data into actionable intelligence—strengthening both your applications and your organization’s overall security posture

• Install Checkmarx ZAP and Docker for code testing and analyze scan results
• Differentiate DAST from SAST and configure ZAP scanning
• Describe container risks and identify vulnerabilities in container images

• Basic familiarity with the topic and its common terminology
• Readiness to practice through applied exercises or case-based work