Let's assume you have a process in a company that is currently not digital at all, or only partially digitalized. That means phone calls, emails, the postal service and perhaps some old technologies, such as IBM AS400, are in use.
The consulting company starts by analysing the process as-is and produces a schema that explains the interactions between all the parties concerned.
The next step is to define the context of the project, its scope and its objectives.
Here we should draw the different processes as workflows that explain how the application should work between the different actors. For example, if we are talking about an app in a company that manages invoices of its providers, the workflow starts from reception of the invoice and should describe all the cases until its payment.
Here we should describe the authentication and the protocols used for requests between the different components: front end, BFF (Backend for Frontend) and inner APIs, databases and others. This should include proxies and cloud. The requests are, for example, HTTPS and JDBC.
Here we define how we can achieve it and avoid attacks. This includes authentication, token management, user roles, and verifying in the backend that each endpoint can be used by a specific user. It also includes implementing OWASP principles.
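A sketch of the backend check described above, using the invoice workflow as the setting (an added example, not part of the original page). The endpoint paths, role names, signing key and the simplified HMAC-signed token format are assumptions constructed for illustration; a real project would normally use a standard token format and a vetted library.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: loaded from a secret store in practice

# Hypothetical endpoint -> allowed roles map; anything not listed is denied.
ENDPOINT_ROLES = {
    ("POST", "/invoices"): {"provider"},
    ("GET", "/invoices"): {"provider", "accountant"},
    ("POST", "/invoices/approve"): {"accountant"},
    ("POST", "/invoices/pay"): {"treasurer"},
}

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_token(user: str, roles: list, ttl: int = 300, now: float = None) -> str:
    """Sign a short-lived token: base64(payload).base64(HMAC-SHA256)."""
    now = time.time() if now is None else now
    payload = json.dumps({"sub": user, "roles": roles, "exp": now + ttl}).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return b64(payload) + "." + b64(sig)

def verify_token(token: str, now: float = None):
    """Return the claims if signature and expiry are valid, else None."""
    now = time.time() if now is None else now
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    claims = json.loads(payload)  # parsed only after the signature checks out
    return claims if claims["exp"] > now else None

def authorize(method: str, path: str, token: str, now: float = None) -> int:
    """HTTP status the backend returns: 401 bad token, 403 wrong role, 200 ok."""
    claims = verify_token(token, now)
    if claims is None:
        return 401
    allowed = ENDPOINT_ROLES.get((method, path), set())  # deny by default
    return 200 if allowed & set(claims["roles"]) else 403
```

The roles come only from the verified token, never from anything the front end sends separately, so the decision is made entirely on the server side.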
The product should be built following the previous guidelines. There should be a focus on quality and testing, and also on agility and principles such as Definition of Done, Definition of Ready, test-driven development and software craftsmanship.