To meet the growing demand for skilled professionals who can develop secure software, it is important to provide software security education to computer science students in colleges and universities. This paper describes a set of hands-on laboratory exercises we developed to teach software security. These laboratory exercises cover the following topics: code review with tools, web application vulnerability assessment, web spidering, exploiting hidden value, fuzz testing, and threat modeling. Our teaching experiences and related work are also discussed.