In many fields of Computer Engineering education it is crucial that students gain both conceptual understanding and practical skills. To this end, an effective teaching approach relies on a blended-learning strategy that combines face-to-face lessons with students' practice on some suitable educational tool. Such a tool should support students through the whole learning process, and help them to improve their modelling ability along with their programming expertise. In this paper we describe S-vLab, a virtual laboratory for supporting teaching and learning in several applicative domains; in particular, we analyse S-vLab applied to the Information Security field. In this context, one of its main goals is to help students in dealing with the Java Security Platform, supporting different learning styles and allowing multiple formative paths. Using S-vLab students can, in various steps, model a secure system, simulate its behaviour and evaluate its performance, and finally build and test a software prototype by leveraging numerous facilities. These include the provision of extracts of sample Java code, the availability of supporting resources and a continuous and immediate feedback, aimed at pointing out possible errors and suggesting solutions. After describing more in detail the features provided by S-vLab, as well as how the depicted functionalities can help in achieving the settled learning goals, we refer on the results obtained in an experimentation of the virtual lab during a course on Information Security with about 150 students.