{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T11:01:58Z","timestamp":1777806118208,"version":"3.51.4"},"reference-count":49,"publisher":"SAGE Publications","issue":"6","license":[{"start":{"date-parts":[[2020,10,14]],"date-time":"2020-10-14T00:00:00Z","timestamp":1602633600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2020,11,27]]},"abstract":"<jats:p>Among the service models provided by the cloud, the software as a service (SaaS) model has had the greatest growth. This service model is an attractive option for organizations, as they can transfer part or all of their IT functions to a cloud service provider. However, there is still some uncertainty about deciding to carry out a migration of all data to the cloud, mainly due to security concerns. The SaaS model not only inherits the security problems of a traditional application, but there are unique attacks and vulnerabilities for a SaaS architecture. Additionally, some of the attacks in this environment are more devastating due to nature of shared resources in the SaaS model. Some of these attacks and vulnerabilities are not yet well known to software designers and developers. This lack of knowledge has negative consequences as it can expose sensitive data of users and organizations. This paper presents a rigorous systematic review using the SALSA framework to know the threats, attacks and countermeasures to mitigate the security problems that occur in a SaaS environment. As part of the results of this review, a classification of threats, attacks and countermeasures in the SaaS environment is presented.<\/jats:p>","DOI":"10.3233\/jcs-200002","type":"journal-article","created":{"date-parts":[[2020,10,16]],"date-time":"2020-10-16T12:17:42Z","timestamp":1602850662000},"page":"635-653","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":10,"title":["A systematic review of security threats and countermeasures in SaaS"],"prefix":"10.1177","volume":"28","author":[{"given":"Miguel \u00c1ngel","family":"D\u00edaz de Le\u00f3n Guill\u00e9n","sequence":"first","affiliation":[{"name":"National Laboratory of Information Technologies, Autonomous University of Ciudad Ju\u00e1rez, M\u00e9xico"}]},{"given":"V\u00edctor","family":"Morales-Rocha","sequence":"additional","affiliation":[{"name":"National Laboratory of Information Technologies, Autonomous University of Ciudad Ju\u00e1rez, M\u00e9xico"}]},{"given":"Luis Felipe","family":"Fern\u00e1ndez Mart\u00ednez","sequence":"additional","affiliation":[{"name":"National Laboratory of Information Technologies, Autonomous University of Ciudad Ju\u00e1rez, M\u00e9xico"}]}],"member":"179","published-online":{"date-parts":[[2020,10,14]]},"reference":[{"issue":"5","key":"ref001","first-page":"3129","volume":"8","author":"Alam S.","year":"2018","journal-title":"International Journal of Electrical and Computer Engineering"},{"issue":"11","key":"ref002","first-page":"9220","volume":"12","author":"Aldaej A.","year":"2017","journal-title":"Journal of Engineering and Applied Sciences"},{"key":"ref003","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2015.01.025"},{"key":"ref004","doi-asserted-by":"publisher","DOI":"10.4018\/IJIIT.2016040102"},{"key":"ref005","doi-asserted-by":"publisher","DOI":"10.1007\/s10515-013-0133-z"},{"key":"ref006","doi-asserted-by":"publisher","DOI":"10.1016\/j.jksuci.2012.06.002"},{"key":"ref007","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2016.08.280"},{"key":"ref008","doi-asserted-by":"publisher","DOI":"10.3233\/JIFS-169007"},{"issue":"2","key":"ref009","first-page":"1912","volume":"5","author":"Charanya R.","year":"2013","journal-title":"International Journal of Engineering and Technology"},{"key":"ref010","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2016.03.004"},{"key":"ref011","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2014.12.001"},{"key":"ref012","doi-asserted-by":"publisher","DOI":"10.1016\/j.compind.2018.08.007"},{"key":"ref013","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2016.05.001"},{"key":"ref014","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.01.019"},{"key":"ref015","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2018.04.143"},{"key":"ref016","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2018.12.009"},{"key":"ref017","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2016.08.016"},{"key":"ref018","doi-asserted-by":"publisher","DOI":"10.1016\/j.jcss.2014.02.005"},{"key":"ref019","doi-asserted-by":"publisher","DOI":"10.1145\/1095809.1095820"},{"key":"ref020","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2016.05.202"},{"key":"ref021","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2016.05.010"},{"key":"ref022","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2016.08.075"},{"key":"ref023","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2014.09.005"},{"key":"ref024","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2017.12.089"},{"key":"ref025","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2018.12.005"},{"key":"ref026","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2016.10.015"},{"key":"ref027","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2012.05.003"},{"key":"ref028","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2015.04.011"},{"key":"ref029","unstructured":"M.\u00a0Mulazzani, S.\u00a0Schrittwieser, M.\u00a0Leithner, M.\u00a0Huber and E.\u00a0Weippl, Dark clouds on the horizon: Using cloud storage as attack vector and online slack space, 2011."},{"key":"ref030","first-page":"80","volume":"15","author":"Nagarjuna","year":"2015","journal-title":"International Journal of Computer Science and Network Security"},{"key":"ref031","unstructured":"T.\u00a0Pai and P.S.\u00a0Aithal, A review on security issues and challenges in cloud computing model of resource management, 2017."},{"key":"ref032","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(06)70323-3"},{"key":"ref033","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2015.03.002"},{"key":"ref034","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2017.06.124"},{"key":"ref035","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2015.04.171"},{"key":"ref036","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2016.05.189"},{"key":"ref037","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2016.10.005"},{"key":"ref038","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2016.11.027"},{"key":"ref039","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2016.09.002"},{"key":"ref040","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2017.03.010"},{"issue":"1","key":"ref041","first-page":"253","volume":"7","author":"Srinivasu N.","year":"2018","journal-title":"International Journal of Engineering and Technology (UAE)"},{"key":"ref042","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2018.06.006"},{"key":"ref043","doi-asserted-by":"publisher","DOI":"10.1007\/s11432-013-5050-z"},{"key":"ref044","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2018.07.006"},{"key":"ref045","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2016.07.335"},{"key":"ref046","doi-asserted-by":"publisher","DOI":"10.1109\/ICICT48043.2020.9112421"},{"key":"ref047","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2017.09.050"},{"key":"ref048","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2018.12.091"},{"key":"ref049","doi-asserted-by":"publisher","DOI":"10.1016\/j.sbspro.2014.06.002"}],"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-200002","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JCS-200002","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-200002","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T20:45:24Z","timestamp":1777495524000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-200002"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,10,14]]},"references-count":49,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2020,11,27]]}},"alternative-id":["10.3233\/JCS-200002"],"URL":"https:\/\/doi.org\/10.3233\/jcs-200002","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"value":"0926-227X","type":"print"},{"value":"1875-8924","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,10,14]]}}}