Web application security has been an emerging topic while an increasing number of commercial applications are web-based. We are developing a new secure web development teaching tool, called SWEET (Secure WEB Development Teaching), to teach the students about web application security based on the life cycle of the application development. This paper describes the development of SWEET and provides an example of laboratory exercises on secure web communications. Experiences of incorporating SWEET in Information Assurance courses are also discussed.