How do you conduct vulnerability assessments and penetration tests to identify weaknesses before they can be exploited?