If you were tasked with securing a new application, what steps would you take to assess its vulnerabilities?