The last couple of years I've been working in the financial sector as a security architect, mostly concerned with development of ASP.NET applications. In addition to my day to day development chores I'm also maintaining two open source projects. In mid-2013 I received the MVP award in Developer Security.
You can also reach me by e-mail, try my klingsen Gmail for private matters or klings at appsec (dot) no if it's work related.
I occasionally post something to my blog, here are my latest ramblings:
I have a couple of projects "on the side." I see regular downloads in the projects' statistics, so it might well be that someone find them useful. Have a look!
NWebsec is a security library for ASP.NET applications. It can help you set security headers in HTTP responses, suppress version headers, and control cache headers. NWebsec is available through NuGet — you'll quickly have it up and running. Consult the project website to learn the nitty gritty details.
TransformTool is an encoding multitool. It lets you easily apply a series of encoding operations to an input. There are many possibilities — ranging from all character sets supported in the .NET framework to common application level encodings such as HTML, URL, and Base64 encoding. The tools also supports common hash and crypto algorithms.
I also have a GitHub account, where I keep various projects that are somewhat short lived. E.g. applications used for demos during a talk usually live here.
Every now and then I give a talk. I'll keep track of them here, with links to slides and/or video.
|19. Jun 2015||Boosting security with HTTP headers||NDC Oslo||slides / video|
|18. Jun 2015||.NET Rocks Panel on Application Security||NDC Oslo||video|
|18. Sep 2013||Federated and fabulous identity||The Norwegian Computer Society, member meeting.||slides|
|29. May 2013||Security "for free" through HTTP headers||NNUG Bergen||slides|
|14. March 2013||Securing your web application through HTTP headers||Booster||slides|
|27. April 2012||Getting authentication right||Roots '12||slides|
|23. May 2011||The browser - your best friend and worst enemy||Roots '11||slides / video|
|2. May 2011||Online banking Trojans - recent developments and countermeasures||Norwegian Computer Society, ISACA, ISF member meeting||slides|
|28. Jan. 2009||Er du til salgs? ID-tyveri og Internett||Eureka conference|
|11. Dec. 2008||Security Risk Management||OWASP Netherlands (Amsterdam)|
|29. Apr. 2008||Architectural Risk Analysis||Roots '08|
|31. Jan. 2008||Identity Theft: Much too Easy? A study of Online Systems in Norway||Financial Cryptography and Data Security '08|
|19. Nov. 2007||Your Privacy on the Internet||Norsk kryptoseminar|
|16. Oct. 2007||Kampen mot IT-skurkene||Information Week, UiB|
|12. Oct. 2007||Identity Theft: Much too Easy? A study of Online Systems in Norway||NordSec '07|
|19. Nov. 2007||NBNs, the Internet, and your Privacy||ICT Research School, UiB|
|18. May 2006||J2ME, JABWT, and SATSA||JavaBin Bergen|
|20. Apr. 2006||Vulnerabilities in E-Governments||2nd International Conference on Global E-Security (ICGeS-06)|
A few years back I was part of a research group at the University of Bergen: NoWires research group. My research papers are accounted for here.
K. J. Hole, A. N. Klingsheim, L.-H. Netland, Y. Espelid, T. Tjøstheim, and V. Moen, “Risk Assessment of a National Security Infrastructure,” IEEE Security & Privacy, January/February 2009. (See Copyright notice below.)
Y. Espelid, L.-H. Netland, A. N. Klingsheim, and K. J. Hole, “Robbing Banks with Their Own Software—an Exploit against Norwegian Online Banks,” in Proc. IFIP International Information Security Conference (SEC 2008), September, 2008.
K. J. Hole, L.-H. Netland, Y. Espelid, A. N. Klingsheim, H. Helleseth, and J. B. Henriksen, “Open Wireless Networks on University Campuses,” IEEE Security & Privacy, July/August 2008. (See Copyright notice below.)
K. J. Hole, T. Tjøstheim, V. Moen, L.-H. Netland, Y. Espelid, and A. N. Klingsheim, “Next Generation Internet Banking in Norway,” Technical Report 371, Department of Informatics, University of Bergen, February 2008.
A. N. Klingsheim and K. J. Hole, “Personal Information Leakage: A study of Online Systems in Norway,” Technical Report 370, Department of Informatics, University of Bergen, February 2008.
Y. Espelid, L.-H. Netland, A. N. Klingsheim, and K. J. Hole, “A Proof of Concept Attack against Norwegian Internet Banking Systems,” in Proc. Financial Cryptography and Data Security, January, 2008. © IFCA
A. N. Klingsheim and K. J. Hole, “Identity Theft: Much too Easy? A study of Online Systems in Norway,” in Proc. Financial Cryptography and Data Security, January, 2008. © IFCA
K. J. Hole, V. Moen, A. N. Klingsheim, and K. M. Tande, “Lessons from the Norwegian ATM System,” IEEE Security & Privacy, November/December 2007. (See Copyright notice below.)
A. N. Klingsheim, V. Moen, and K. J. Hole, “Challenges in Securing Networked J2ME Applications,” IEEE Computer, February 2007. (See Copyright notice below.)
V. Moen, A. N. Klingsheim, K. I. F. Simonsen, and K. J. Hole, “Vulnerabilities in E-Governments,” in Proc. 2nd International Conference on Global E-Security (ICGeS-06), London, England, April 20-22, 2006. The paper is also printed in International Journal of Electronic Security and Digital Forensics, Vol. 1, No. 1, 2007.
© 2007, 2008, 2009 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.