4/17 (Thu.) 14:00 - 14:30 7F 703

Decoding Pwn2Own: Reflections on Vulnerabilities from a Vendor's Perspective

This presentation will take you into the real-world scenarios of the renowned global cybersecurity competition, Pwn2Own. From the vendor’s perspective, we will dissect how attackers successfully discover and exploit vulnerabilities in our products. We will share the technical details of these vulnerabilities and their root causes, including key oversights in development, design, and testing. In addition, we will discuss ways to enhance the Secure Development Lifecycle (SDL) to systematically prevent similar issues.

During this talk, we will explore several real-world attack cases—such as memory management errors and configuration mishaps—providing an in-depth look at how these attacks were executed and the best practices for remediation. By attending, you will gain insights into Pwn2Own attack scenarios and learn about practical security improvements that can strengthen overall product security. This presentation is particularly suited for developers interested in information security, helping you reevaluate product security measures and turn challenges into opportunities, ultimately building stronger defenses for both enterprises and end users.

Po-Hsing Wu
SPEAKER
Synology Inc.
Product Developer, Security Incident Response Team

TOPIC / TRACK
Product Security Forum

LOCATION
Taipei Nangang Exhibition Center, Hall 2
7F 703

LEVEL
Intermediate
Intermediate sessions focus on cybersecurity architecture, tools, and practical applications, ideal for professionals with a basic understanding of cybersecurity.

SESSION TYPE
Breakout Session

LANGUAGE
Chinese

SUBTOPIC
Application Security
Security Development Lifecycle
PSIRT