This paper presents a hybrid teaching approach, a new Web Security course as well as how to use the hybrid approach to teach the Web Security course to practice information assurance. The hybrid teaching approach contains three key issues that are keeping the lecture materials up-to-date, assigning former research projects as comprehensive team projects, and connecting classroom knowledge with real world web applications. We have applied this approach to the teaching a Web Security course and achieved excellent results. Our experience exhibits that integrating education, research and web applications into the Web Security course to practice information assurance are essential for a sound security education. Using this approach instructors connect knowledge in the classroom to real world applications, attract students to the security area, and train students to become information assurance professionals.