Blogs by Eric Newcomer
Eric Newcomer
Principal Analyst and CTO at Intellyx, a technology analysis firm focused on enterprise digital transformation.
He previously served as CTO at WSO2 and at IONA, led Security Architecture for Citi’s consumer banking and was Chief Architect for Citi and Credit Suisse’s trade and investment divisions.
Eric is an internationally recognized expert in transaction processing, integration and cloud migration, having contributed to many industry standards including OSGi, Eclipse, SOAP, WSDL, UDDI, AMQP and more. His textbooks, including Principles of Transaction Processing, Understanding Web Services, and Understanding SOA with Web Services are used at universities around the world.
Posts on
- Mobile API Security (200)
- Mobile App Authentication (93)
- Mobile App Development (85)
- Mobile App Security (79)
- Mobile Security (75)
- Threats (74)
- API Abuse (64)
- Integration (56)
- API Keys (53)
- MitM (49)
- Bots (43)
- Business (38)
- Certificate Pinning (35)
- Reverse Engineering (31)
- App Attestation (27)
- Quickstart (26)
- Android Security (24)
- Backend (24)
- TLS (22)
- Repackaged Apps (20)
- Mobile Finance (18)
- Scrapers (18)
- iOS (18)
- RASP (15)
- Connected Car (14)
- Zero Trust (13)
- Mobile Health (12)
- Gaming and Gambling (11)
- News (10)
- Run-time Secrets Protection (10)
- ReactNative (9)
- Third Party APIs (8)
- Fake Accounts (7)
- Huawei (7)
- Retail (7)
- API Gateway (6)
- Account Hijacking (6)
- Apple (6)
- Compliance & Privacy (6)
- Zero Secret (6)
- Cybersecurity (5)
- Google (5)
- OAuth2 (5)
- Reverse Proxy (5)
- App Store (4)
- Code Obfuscation (4)
- Cross-Platform (4)
- OWASP (4)
- Web Security (4)
- Agentic AI (3)
- Aggregators (3)
- Cloud (3)
- Data Security (3)
- E-Commerce (3)
- Mobile App Distribution (3)
- Runtime Application Self-Protection (3)
- SafetyNet (3)
- Token-Based API Access (3)
- gRPC (3)
- Frida (2)
- Frontend (2)
- Mobile Banking (2)
- Mobile Payment Security (2)
- Pentesting (2)
- SDLC (2)
- AI Scraping (1)
- App Shielding (1)
- CNIL (1)
- Credential Stuffing (1)
- DeviceCheck (1)
- Google Play (1)
- Government (1)
- Runtime Secrets Protection (1)
- SDK (1)
- Supply-chain (1)
Popular Posts
- Revealing the Limitations of Apple DeviceCheck and Apple App Attest
- How to Bypass Certificate Pinning with Frida on an Android App
- Limitations of Google Play Integrity API vs. Approov Mobile Security
- How to Extract an API Key from a Mobile App by Static Binary Analysis
- Securing APIs with Approov and Cloudflare: A Comprehensive Guide
- MitM Attacks on Android Apps: A Step-by-Step Guide Using Emulators
- Are You Human, Robot or Just Impatient?
- Three Actions You Should Take Right Now to Stop Mobile MitM Attacks
- 5 Threats to Mobile Games and 5 Essential Security Measures
- Bypassing Certificate Pinning
- Secure Your Mobile App from Geo-Spoofing with Robust API Integration
- Limitations of Huawei HarmonyOS Safety Detect: What You Need to Know
- How to Ride the Bus for Free (Hackers Need Not Apply)
- Why Does Your Mobile App Need an API Key?
- Limitations of Hardware-Backed Key Attestation in Mobile Security
