Web application security has become an emerging topic as an increasing number of information systems are designed around Extensible Markup Language (XML) and use Hypertext Transfer Protocol (HTTP) for communications. For example, in recent years social networking software has been used intensively, especially among college students, and has been integrated with various marketing and gaming software. This workshop will discuss security issues in web application development and demonstrate web security vulnerabilities and countermeasures through hands-on exercises. The exercises were developed by an NSF-funded project called SWEET (Secure web development teaching). SWEET consists of eight teaching modules on web application security. To demonstrate potential web server vulnerabilities, the teaching modules include hands-on exercises that are preconfigured in Linux virtual machines. The workshop will also discuss examples of incorporating SWEET into the Information Systems curriculum.