Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Denial of Service for JSM Forms

george_bullock
george_bullock January 5, 2025

How to you (or I) reduce the likelihood of a Denial of Service attack to a JSM Form

Our form as 1st time sign in but I am sure that could be breached

Answer
Watch
Like Be the first to like this
77 views

2 answers

1 vote
John Funk
John Funk
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
January 5, 2025

Hi George,

See if this documentation helps:

https://confluence.atlassian.com/security/preventing-security-attacks-in-jira-service-management-1409093088.html

 

View More Comments
george_bullock
george_bullock January 6, 2025

Thanks John - but that seems to point to what we do.

As we are on JSM Cloud I assume JSM has some sort of Denial of Service approach - we are getting our external Users to create a password but like all these things we cannot mandate to them the password other than what JSM already does.

Like
John Funk
John Funk
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
January 6, 2025

Correct - user accounts (and therefore passwords) belong to Atlassian, not your instance. So the same user account (i.e. email address) can be used in multiple instances across the world - not just ones owned by a single organization. 

Like
Reply
0 votes
Marc - Devoteam
Marc - Devoteam
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 6, 2025

Hi @george_bullock 

See, https://www.atlassian.com/trust/security/detections-program and https://www.atlassian.com/trust/compliance/resources/acsc-cloud-computing-security/guidance 

View More Comments
george_bullock
george_bullock January 6, 2025

Thanks Marc

I am guessing this is the answer

Atlassian Security Engineering uses IPS technologies that are implemented in our office environments. Network threat protection is performed by AWS, including DDoS protection and some Web Application Firewall features.

Regarding Specific ProductsJira Align uses Cloudflare for WAF, DDOS, DNS-SEC. We use Alert Logic IDS, log analysis, and cloudtrail. We use Nexpose for scanning shared network components with Atlassian Cloud stack. We use custom Splunk log analysis.

Like Marc - Devoteam likes this
Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Desk
Jira Service Management
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
AUG Leaders

Atlassian Community Events

    See all events