André N. Klingsheim

For those wondering what I've been up to lately.

The last couple of years I've been working in the financial sector as a security architect, mostly concerned with development of ASP.NET applications. In addition to my day to day development chores I'm also maintaining two open source projects. In mid-2013 I received the MVP award in Developer Security.

To keep an eye on what I'm up to these days you should find me on Twitter: . You'll find that I'm less active on other social networks such as: and .

You can also reach me by e-mail, try my klingsen Gmail for private matters or klings at appsec (dot) no if it's work related.

I occasionally post something to my , here are my latest ramblings:


I have a couple of projects "on the side." I see regular downloads in the projects' statistics, so it might well be that someone find them useful. Have a look!


NWebsec is a security library for ASP.NET applications. It can help you set security headers in HTTP responses, suppress version headers, and control cache headers. NWebsec is available through NuGet — you'll quickly have it up and running. Consult the project website to learn the nitty gritty details.

NWebsec on Github


TransformTool is an encoding multitool. It lets you easily apply a series of encoding operations to an input. There are many possibilities — ranging from all character sets supported in the .NET framework to common application level encodings such as HTML, URL, and Base64 encoding. The tools also supports common hash and crypto algorithms.

TransformTool on codeplex


I also have a GitHub account, where I keep various projects that are somewhat short lived. E.g. applications used for demos during a talk usually live here.

My GitHub repos


Every now and then I give a talk. I'll keep track of them here, with links to slides and/or video.

When What Where Slides/video
19. Jun 2015 Boosting security with HTTP headers NDC Oslo slides / video
18. Jun 2015 .NET Rocks Panel on Application Security NDC Oslo video
18. Sep 2013 Federated and fabulous identity The Norwegian Computer Society, member meeting. slides
29. May 2013 Security "for free" through HTTP headers NNUG Bergen slides
14. March 2013 Securing your web application through HTTP headers Booster slides
27. April 2012 Getting authentication right Roots '12 slides
23. May 2011 The browser - your best friend and worst enemy Roots '11 slides / video
2. May 2011 Online banking Trojans - recent developments and countermeasures Norwegian Computer Society, ISACA, ISF member meeting slides
28. Jan. 2009 Er du til salgs? ID-tyveri og Internett Eureka conference
11. Dec. 2008 Security Risk Management OWASP Netherlands (Amsterdam)
29. Apr. 2008 Architectural Risk Analysis Roots '08
31. Jan. 2008 Identity Theft: Much too Easy? A study of Online Systems in Norway Financial Cryptography and Data Security '08
19. Nov. 2007 Your Privacy on the Internet Norsk kryptoseminar
16. Oct. 2007 Kampen mot IT-skurkene Information Week, UiB
12. Oct. 2007 Identity Theft: Much too Easy? A study of Online Systems in Norway NordSec '07
19. Nov. 2007 NBNs, the Internet, and your Privacy ICT Research School, UiB
18. May 2006 J2ME, JABWT, and SATSA JavaBin Bergen
20. Apr. 2006 Vulnerabilities in E-Governments 2nd International Conference on Global E-Security (ICGeS-06)


A few years back I was part of a research group at the University of Bergen: NoWires research group. My research papers are accounted for here.

My PhD thesis is available for download (it includes all papers below).
My Master's thesis was titled J2ME Bluetooth programming.

Published papers

K. J. Hole, A. N. Klingsheim, L.-H. Netland, Y. Espelid, T. Tjøstheim, and V. Moen, “Risk Assessment of a National Security Infrastructure,” IEEE Security & Privacy, January/February 2009. (See Copyright notice below.)

Y. Espelid, L.-H. Netland, A. N. Klingsheim, and K. J. Hole, “Robbing Banks with Their Own Software—an Exploit against Norwegian Online Banks,” in Proc. IFIP International Information Security Conference (SEC 2008), September, 2008.

K. J. Hole, L.-H. Netland, Y. Espelid, A. N. Klingsheim, H. Helleseth, and J. B. Henriksen, “Open Wireless Networks on University Campuses,” IEEE Security & Privacy, July/August 2008. (See Copyright notice below.)

K. J. Hole, T. Tjøstheim, V. Moen, L.-H. Netland, Y. Espelid, and A. N. Klingsheim, “Next Generation Internet Banking in Norway,” Technical Report 371, Department of Informatics, University of Bergen, February 2008.

A. N. Klingsheim and K. J. Hole, “Personal Information Leakage: A study of Online Systems in Norway,” Technical Report 370, Department of Informatics, University of Bergen, February 2008.

Y. Espelid, L.-H. Netland, A. N. Klingsheim, and K. J. Hole, “A Proof of Concept Attack against Norwegian Internet Banking Systems,” in Proc. Financial Cryptography and Data Security, January, 2008. © IFCA

A. N. Klingsheim and K. J. Hole, “Identity Theft: Much too Easy? A study of Online Systems in Norway,” in Proc. Financial Cryptography and Data Security, January, 2008. © IFCA

K. J. Hole, V. Moen, A. N. Klingsheim, and K. M. Tande, “Lessons from the Norwegian ATM System,” IEEE Security & Privacy, November/December 2007. (See Copyright notice below.)

A. N. Klingsheim, V. Moen, and K. J. Hole, “Challenges in Securing Networked J2ME Applications,” IEEE Computer, February 2007. (See Copyright notice below.)

V. Moen, A. N. Klingsheim, K. I. F. Simonsen, and K. J. Hole, “Vulnerabilities in E-Governments,” in Proc. 2nd International Conference on Global E-Security (ICGeS-06), London, England, April 20-22, 2006. The paper is also printed in International Journal of Electronic Security and Digital Forensics, Vol. 1, No. 1, 2007.

Copyright notice

© 2007, 2008, 2009 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.