Alex Inführ – PDF + the Web: What could possibly go wrong


PDF is a well-known file format in the world of PCs and even mobile phones.

This talk will focus on PDF features in the context of the World Wide Web.

As soon as a PDF is opened in a web browser, the rules and security implications change.

The talk will discuss features like FormCalc, an easy-to-use language to access files on the same origin.

I will show how FDF can be used to steal a static PDF, which cannot be influenced by an attacker at all.

Additionally, some unfinished research will be shown, along with a short glimpse of why Foxit Reader is even worse than Adobe Reader.

Alexander Inführ started his career as a penetration tester for Cure53 during his studies.

His research focuses on modern web browsers and the technologies they use. This led to a contract with Microsoft, where he worked with an external team that was assigned to uncover flaws in Internet Explorer.

Today he is researching the Portable Document Format and modern PDF viewers. He has presented his findings at conferences like BSides Vienna, IT-SECX, OWASP Appsec 2015 and HackPra.