Is there a JIRA-specific security checklist published by Atlassian or a reliable organization?
Our JIRA instance runs behind Apache (reverse proxy) and is open to the public Internet.
As far as I know there isn't a official check lsit as such, there are few articles which address this issue.
You can have a look at following documentation https://confluence.atlassian.com/display/JIRA/Securing+JIRA+with+Apache+HTTP+Server
Also you should have a look at mod_security apache module .
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG