<
Doris Grabner

Is your WEBSITE SECURE?

An adserver offers a lot of opportunities to integrate ads on websites. You’ll find the most common integrations for your page and their risks and side effects here.

A href / Img-tag
Is the oldest advertising solution, however, does not provide options to integrate HTML5 on the page. Currently this type is used for fallbacks only.

document.write
By using “document.write” Javascript-content can be integrated by the adserver into your page. A common method with a lot of disadvantages and security risks. Ads can access all the content of the page, such as user data, passwords, cookies. etc.

Iframes
Iframes are becoming increasingly popular, as they are easy to integrate and the risks seem low. However, this does not apply to all types of iframe integration.

Friendly iframe
Here the ad is displayed in an iframe. The content can not be influenced. However, the access to the website by advertising material is still possible since the browser looks at the advertising material as part of the page.

break out of iframe
The full access to the site is here explicitly wanted as interstitials, overlays etc. have to break out of the iframe. Meaning, the ad has to integrate parts of its code in the page to be displayed. Javascript errors that paralyze the entire page and phishing attacks without users can protect themselves or even noticing, are just a few risks to be considered.

Unfriendly iframe
Are iframes which do not run on the same domain. All modern browsers check each loaded content throughout the “same-origin policy”. An access to the page by the publisher is not possible. However, Overlays, Expandables, etc. neither.

“Same-origin policy”
Simplified said, you are only able to access and change your own content. Ads have no chances to break out of the iframe, to change the content or spy on any data. Creative developers can use any framework and choose freely from CSS, Javascript, etc.. In conventional integration solutions only fixed banner sizes can be used. Special advertising formats need to be developed and integrated by the publisher himself. The security is high since the browser takes care of the security of the website itself.

Sandbox iframe / IAB SafeFrame
Is a special version of “Unfriendly iframes” and offers all the advantages of the friendly iframe and unfriendly iframes but without the disadvantage in terms of security.

ADvantage uses Sandbox iframe solution for its Web-framework. ADvantage establishes a 2-way communication between the ad and the ADvantage WebSDK using HTML5 (as Facebook and other social media plugins) to ensure the security of the site and users.

 

28. 04. 2016