You need to stand up a repeatable vulnerability assessment and penetration testing approach for a new cloud-hosted application handling sensitive customer data. The goal is not just to name tools, but to choose the right mix for code, infrastructure, containers, and runtime testing so findings can be managed consistently and the team can meet internal security expectations.
What tools would you use for vulnerability assessment and penetration testing, and how would you decide where each one fits in the execution plan?