How do you conduct vulnerability assessments and penetration tests on web applications and internal networks?