Hi , we are making some website about security.
Our security is very important.
We planned to use Liferay on our website but...

There maybe jsp inject or bytecode run vulnerability may happen on somewhere.

If we make all Liferay users filesystem readonly , will it make problem on somewhere ?
Another security thing is we may manupilate jvm instructions to prevent some bytecode run.
We can encyrpt jvm for that , so we recompile liferay maybe.It makes some problem on somewhere else?

What about DDoS protections?
is there any way to protect from DDoS attacks?

Someone have ideas?