Abstract: Detection of a security threat to a web browser by: Wrapping a suspect JavaScript code with a detection JavaScript code, wherein, when the wrapped suspect JavaScript code is executed in a web browser, the detection JavaScript code indirectly monitors access to a property of a non-writable, non-configurable JavaScript property, to detect an attempt by the suspect JavaScript code to perform a malicious action in the web browser. Executing the wrapped suspect JavaScript code in the web browser, to effect the monitoring and the detection.

Abstract: At an advertising server: adding tracking code to advertisements served by the advertising server, wherein the tracking code is configured to cause web browsers displaying the served advertisements to transmit their contents to a security server. At the security server: scanning the received advertisements to detect presence of malicious code, and storing results of the scanning in a database. At the advertising server: prior to serving a new advertisement that has won in RTB, querying the database for scan results associated with the new advertisement. When the scan results indicate a malicious advertisement, preventing a serving of the new advertisement. When the scan results indicate a safe advertisement, allowing a serving the new advertisement. When no scan results are available for the new advertisement, adding the tracking code to the new advertisement and serving it, such that its contents are scanned by the security server.

Abstract: Automatically detecting that a software application has received, over a network, advertising code that is configured to display an advertisement within the software application; intercepting the received advertising code; wrapping the intercepted advertising code with program code that is configured to: scan the advertising code for malicious content, and allow or prevent the display of the advertisement within the software application based on the scanning; delivering the wrapped advertising code to the software application as if the wrapped advertising code was received directly from the server, such that, when the wrapped advertising code is executed in the software application: the advertising code is scanned, and the display of the advertisement is allowed or prevented based on the scanning.

Abstract: A method comprising: receiving, from a web browser, a request for content to be inserted into a sub-document that is nested inside a main document; and transmitting to said web browser, in response to the request: said content, and a client-side script that, when inserted by said web browser into said sub-document: (i) listens to software methods that attempt to invoke a user event without an action by a user of said web browser, (ii) analyzes said user event to determine if said user event is configured to cause said web browser to navigate away from said main document.

Abstract: Detection of a security threat to a web browser by: Wrapping a suspect JavaScript code with a detection JavaScript code, wherein, when the wrapped suspect JavaScript code is executed in a web browser, the detection JavaScript code indirectly monitors access to a property of a non-writable, non-configurable JavaScript property, to detect an attempt by the suspect JavaScript code to perform a malicious action in the web browser. Executing the wrapped suspect JavaScript code in the web browser, to effect the monitoring and the detection.

Abstract: At an advertising server: adding tracking code to advertisements served by the advertising server, wherein the tracking code is configured to cause web browsers displaying the served advertisements to transmit their contents to a security server. At the security server: scanning the received advertisements to detect presence of malicious code, and storing results of the scanning in a database. At the advertising server: prior to serving a new advertisement that has won in RTB, querying the database for scan results associated with the new advertisement. When the scan results indicate a malicious advertisement, preventing a serving of the new advertisement. When the scan results indicate a safe advertisement, allowing a serving the new advertisement. When no scan results are available for the new advertisement, adding the tracking code to the new advertisement and serving it, such that its contents are scanned by the security server.

Abstract: A method, system, and computer program product for security scanning of advertisements displayed inside software applications. First, it is automatically detected that the software application has received from a server, over a network, advertising code that is configured to display an advertisement within the software application. Then, the received advertising code is intercepted, and is wrapped with program code that is configured to: scan the advertising code for malicious content, and allow or prevent the display of the advertisement within the software application based on the scanning. Finally, the wrapped advertising code is delivered to the software application as if the wrapped advertising code was received directly from the server, such that, when the wrapped advertising code is executed in the software application: the advertising code is scanned, and the display of the advertisement is allowed or prevented based on the scanning.

Abstract: A method comprising: receiving, from a web browser, a request for content to be inserted into a sub-document that is nested inside a main document; and transmitting to said web browser, in response to the request: said content, and a client-side script that, when inserted by said web browser into said sub-document: (i) listens to software methods that attempt to invoke a user event without an action by a user of said web browser, (ii) analyzes said user event to determine if said user event is configured to cause said web browser to navigate away from said main document.