What steps would you take to identify and mitigate potential attack vectors before a system goes live?