- Reconnaissance -> Information gathering
- Static Analysis -> Looking into code and finding used permissions,leak api key or tokens. Looking into Hard coded Strings
- Dynamic Analysis -> intercepting traffic with tools like burp suite and ghidra
- Reporting -> Writing Report and Reporting the bugs