Walk me through the step-by-step process of how you would conduct a web penetration test on a newly deployed API endpoint.