Assessing and enhancing the security posture of software applications and IT infrastructure to protect against cyber threats