Testing Guide.Docx

Total Page:16

File Type:pdf, Size:1020Kb

Testing Guide.Docx Testing Guide 2013 ALPHA Testing Guide 2013 ALPHA OWASP Foundation OWASP ISBN 978-1-304-61314-1 90000 Foundation 9 781304 613141 OWASP Testing Guide 2013: ALPHA 1 2 OWASP Testing Guide 2013: ALPHA OWASP Foundation 2013 3 4 1. FRONTISPIECE 1.1 Welcome to the OWASP Testing Guide 4.0 “Open and collaborative knowledge: that’s the OWASP way.” -- Matteo Meucci OWASP thanks the many authors, reviewers, and editors for their hard work in bringing this guide to where it is today. If you have any comments or suggestions on the Testing Guide, please e-mail the Testing Guide mail list: http://lists.owasp.org/mailman/listinfo/owasp-testing Copyright and License Copyright (c) 2008 The OWASP Foundation. This document is released under the Creative Commons 2.5 License. Please read and understand the license and copyright conditions. 5 Revision History The Testing guide originated in 2003 with Dan Cuthbert as one of the original editors. It was handed over to Eoin Keary in 2005 and transformed into a wiki. Matteo Meucci has taken on the Testing guide and is now the lead of the OWASP Testing Guide Project. 15th September, 2008 "OWASP Testing Guide", Version 3.0 December 25, 2006 "OWASP Testing Guide", Version 2.0 July 14, 2004 "OWASP Web Application Penetration Checklist", Version 1.1 December 2004 "The OWASP Testing Guide", Version 1.0 Editors Matteo Meucci: OWASP Testing Guide Lead since 2007. Eoin Keary: OWASP Testing Guide 2005-2007 Lead. Daniel Cuthbert: OWASP Testing Guide 2003-2005 Lead Trademarks ● Java, Java Web Server, and JSP are registered trademarks of Sun Microsystems, Inc. ● Merriam-Webster is a trademark of Merriam-Webster, Inc. ● Microsoft is a registered trademark of Microsoft Corporation. ● Octave is a service mark of Carnegie Mellon University. ● VeriSign and Thawte are registered trademarks of VeriSign, Inc. ● Visa is a registered trademark of VISA USA. 6 ● OWASP is a registered trademark of the OWASP Foundation All other products and company names may be trademarks of their respective owners. Use of a term in this document should not be regarded as affecting the validity of any trademark or service mark. 1.2 About the Open Web Application Security Project The OWASP Foundation came online on December 1st 2001 it was established as a not- for-profit charitable organization in the United States on April 21, 2004 to ensure the ongoing availability and support for our work at OWASP. OWASP is an international organization and the OWASP Foundation supports OWASP efforts around the world. OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas. We can be found at www.owasp.org. OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way. The OWASP Foundation is a not- for-profit entity that ensures the project's long-term success. Core Values OPEN Everything at OWASP is radically transparent from our finances to our code. INNOVATION OWASP encourages and supports innovation/experiments for solutions to software security challenges. GLOBAL Anyone around the world is encouraged to participate in the OWASP community. INTEGRITY OWASP is an honest and truthful, vendor neutral, global community. Core Purpose Be the thriving global community that drives visibility and evolution in the safety and security of 7 the world’s software. 8 Contents 1.FRONTISPIECE……………………………………………………………...………....……….5 1.1 About the OWASP Testing Guide Project…………………………………………...........5 1.2 About the Open Web Application Security Project…………………………….….....…..7 FORWARD……………………………………………………………………………………….15 2.INTRODUCTION……………………………..………………………………………………..18 2.1 The OWASP Testing Project……………………………………………………………..18 2.2 Principles of Testing……………………………………………….....…………………...21 2.3 Testing Techniques Explained…………………………………………………………….25 2.4 Security Requirements Test Derivation, Functional and Nonfunctional Test Requirements, and Test Cases Through and Misuse Cases……………………………... 2.5 Security Test Data Analysis and Reporting: Root Cause Identification and Business/Role Case Test Data Reporting……………………………………………………….. 3. THE OWASP TESTING FRAMEWORK………………………………………………………………. 3.1Overview……………………………………………………………………………………. 3.2 Phase 1: Before Development Begins………………………………………………………. 3.3 Phase 2: During Definition and Design…………………………………………………. 3.4 Phase 3: During Development ……………………………………………………………. 3.5 Phase 4: During Deployment………………………………………………………………. 3.6 Phase 5: Maintenance and Operations………………………………………………. 3.7 A Typical SDLC Testing Workflow……………………………………………………….. 4. WEB APPLICATION PENETRATION TESTING………………………………………… 4.1 Introduction and Objectives……………………………………………………………….. 4.1.1 Testing Checklist…………………………………………………………………….. 4.2 Information Gathering……………………………………………………………………… 4.2.1 Conduct Search Engine Discovery and Reconnaissance for Information Leakage 4.2.2 Fingerprint Web Server 9 4.2.3 Review Webserver Metafiles for Information Leakage 4.2.4 Enumerate Applications on Webserver 4.2.5 Review Webpage Comments and Metadata for Information Leakage……. 4.2.6 Identify Application Entry Points 4.2.7 Identify Application Exit/Handover Points 4.2.8 Map Execution Paths Through Application 4.2.9 Fingerprint Web Application Framework 4.2.10 Fingerprint Web Application 4.2.11 Map Network and Application Architecture ……………………………………… 4.3 Configuration and Deploy Management Testing………………………………………….. 4.3.1 Testing Network/Infrastructure Configuration 4.3.2 Testing Application Platform Configuration 4.3.3 Test File Extensions Handling for Sensitive Information 4.3.4 Review Old, Backup and Unreferenced Files for Sensitive Information 4.3.5 Enumerate Infrastructure and Application Admin Interfaces 4.3.6 Test HTTP Methods 4.3.7 Testing for Database Credentials/ Connection Strings Available 4.3.8 Test Content Security Policy 4.3.9 Test HTTP Strict Transport Security 4.3.10 Test Frame Options 4.3.11 Test RIA Cross Domain Policy 4.3.12 Test Content Type Options 4.4 Identity Management Testing 4.4.1 Test Role Definitions 4.4.2 Test User Registration Process 4.4.3 Test Account Provisioning Process 4.4.4 Testing for Account Enumeration and Guessable User Account………………… 4.4.5 Testing for Weak or Unenforced Username Policy…………………………………. 4.4.6 Test Permissions of Guest/Training Accounts 4.4.7 Test Account Suspension/Resumption Process 4.4.8 Test User Deregistration Process 4.4.9 Test Account Deregistration Process 4.5 Authentication Testing 4.5.1 Testing for Credentials Transported Over an Encrypted Channel……………. 10 4.5.2 Testing for Default Credentials……………………………………………………….. 4.5.3 Testing for Weak Lock Out Mechanism…………………………………………… 4.5.4 Testing for Bypassing Authentication Schema………………………………………. 4.5.5 Test Remember Password Functionality……………………………………………. 4.5.6 Testing for Browser Cache Weakness………………………………………………. 4.5.7 Testing for Weak Password Policy………………………………………………….. 4.5.8 Testing for Weak Security Question/Answer……………………………………….. 4.5.9 Testing for Weak Password Change or Reset Functionalities…………………… 4.5.10 Testing for Weaker Authentication in Alternative Channel……………………. 4.6 Authorization Testing……………………………………………………………………….. 4.6.1 Test Management of Account Permissions…………………………………………. 4.6.2 Testing Directory Traversal File/ Include…………………………………………… 4.6.3 Testing for Bypassing Authorization Schema……………………………………… 4.6.4 Testing for Privilege Escalation……………………………………………………. 4.6.5 Testing for Insecure Direct Object References……………………………………… 4.6.6 Testing for Failure to Restrict Access to Authorized Resource……………….. 4.6.7 Test Privileges of Server Components……………………………………………… 4.6.8 Test Enforcement of Application Entry Points…………………………………….. 4.6.9 Testing for Failure to Restrict Access to Authenticated Resource…………… 4.7 Session Management Testing……………………………………………………………….. 4.7.1 Testing for Bypassing Session Management Schema……………………………. 4.7.2 Testing for Cookies Attributes……………………………………………………… 4.7.3 Testing for Session Fixation………………………………………………………… 4.7.4 Testing for Exposed Session Variables…………………………………………….. 4.7.5 Testing for Cross Site Request Forgery……………………………………………… 4.7.6 Test Session Token Strength…………………………………………………………. 4.7.7 Testing for Logout Functionality…………………………………………………… 4.7.8 Testing for Session Puzzling………………………………………………………….. 4.7.9 Test Session Timeout…………………………………………………………………. 4.7.10 Test Multiple Concurrent Sessions………………………………………………… 4.8 Data Validation Testing…………………………………………………………………… 4.8.1 Testing for Reflected Cross Site Scripting…………………………………………… 4.8.2 Testing for Stored Cross Site Scripting………………………………………………. 4.8.3 Testing for HTTP Verb Tampering………………………………………………….. 11 4.8.4 Testing for HTTP Parameter Pollution……………………………………………… 4.8.5 Testing for Unvalidated Redirects and Forwards………………………………….. 4.8.6 Testing for SQL Injection…………………………………………………………….. 4.8.6.1 Oracle Testing…………………………………………………………………… 4.8.6.2
Recommended publications
  • The Effectiveness of CEO Leadership Styles in the Technology Industry
    The Effectiveness of CEO Leadership Styles in the Technology Industry Sean Dougherty, Andrew Drake Advisors: Dr. Jonathan Scott and Professor Katherine Nelson Temple University Explanation of research The purpose of this research is to determine the impact of leadership style on financial success. A great deal of research has been done on the factors that affect the financial success of a company, but leadership is one factor that tends to be overlooked. That is due to the nature of leadership; like other aspects of human resources management such as company culture, leadership is not easily quantifiable. In order to study leadership’s effect on company success, we needed to make leadership less abstract and more concrete. We needed a means of distinguishing the way one person leads in comparison to another person, and the solution was presented to us upon reading Primal Leadership. Authors Daniel Goleman, Richard Boyatzis, and Annie McKee make the detailed claim that the way a person leads can always be categorized into at least one of six distinct emotional leadership styles. We seek to build on the research of Goleman, Boyatzis, and McKee by analyzing the effectiveness of each of these styles in terms of driving financial success. To measure financial success, we looked at the behavior of stock price in the time following an initial public offering. For our data set, we chose to study 60 companies in the technology industry that have gone public since the year 2000. With each company, we researched the CEO who led the company during the IPO and assigned him or her one to two leadership styles that he or she exhibits.
    [Show full text]
  • 681 A&W Restaurants, 249 AARP (American Association of Retired
    name index A American Express, 574 Baker, Stephen, 601–602 A&W Restaurants, 249 American Heart Association, 69, Bakke, Dennis, 286 AARP (American Association of 193 Ballew, Paul, 600 Retired Persons), 390 American National Standards Ballmer, Steve, 16, 272, 281, ABC, 80 Institute, 589, 590 282 Abledata, 395 American Society for Quality, Ball, Sharon, 357 Academy of Management 586, 590 Banana Republic, 99, 529 Executive, 38 American Society of Mechanical Banga, M. S., 190 Academy of Management Engineers, 42 The Bankers Bank, 567 Journal, 7, 38 America West, 485 Bank of America (BoA), Academy of Management America Online (AOL), 11, 168, 227–228 Review, 7, 38 542 Bank One, 401 The Accident Group, 425–426 Ameritech Corporation, 375 Baptist, Douglas, 208–209 Ace Hardware, 185 AMP, 261 Baratta, Sandy, 116 Acura, 464 Anda, Luis de, 245 Bare, Mike, 525–526 Acxiom, 559–560 Angelini, Greg, 436 Barger, Dave, 440 Adams, Diane, 133 Angle, Colin, 525 Barlow, Jeanette, 570 Adams, Ed, 403 Anheuser-Busch, 239 Barnard, Chester, 34, 54–56 Addessi, Joan, 107, 108, 109, Apache Medical Systems, 574 Barneys, 219 110–111 Apple Computer, 210, 297, 322, Barnholt, Ned, 435, 493–494 Addessi, Richard, 107, 108 601–602 Barron’s, 176 Addington, Gordon, 120 Appling, Troy, 567 Baseler, Randy, 147 Adelphia, 100 Aramark, 478 Baxter International, 434, 512 Adidas-Salomon, 247 Argenti, Paul, 486 Bayer, 274 Adler, Nancy J., 507 Argosy Education Group, 497 Becoming a Manager: Mastery of Administrative Science Arizona Public Service Company, a New Identity (Hill), 21–23 Quarterly,
    [Show full text]
  • 1 UNITED STATES SECURITIES and EXCHANGE COMMISSION Washington, D.C
    1 UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C. 20549 FORM 13F FORM 13F COVER PAGE Report for the Calendar Year or Quarter Ended: September 30, 2000 Check here if Amendment [ ]; Amendment Number: This Amendment (Check only one.): [ ] is a restatement. [ ] adds new holdings entries Institutional Investment Manager Filing this Report: Name: AMERICAN INTERNATIONAL GROUP, INC. Address: 70 Pine Street New York, New York 10270 Form 13F File Number: 28-219 The Institutional Investment Manager filing this report and the person by whom it is signed represent that the person signing the report is authorized to submit it, that all information contained herein is true, correct and complete, and that it is understood that all required items, statements, schedules, lists, and tables, are considered integral parts of this form. Person Signing this Report on Behalf of Reporting Manager: Name: Edward E. Matthews Title: Vice Chairman -- Investments and Financial Services Phone: (212) 770-7000 Signature, Place, and Date of Signing: /s/ Edward E. Matthews New York, New York November 14, 2000 - ------------------------------- ------------------------ ----------------- (Signature) (City, State) (Date) Report Type (Check only one.): [X] 13F HOLDINGS REPORT. (Check if all holdings of this reporting manager are reported in this report.) [ ] 13F NOTICE. (Check if no holdings reported are in this report, and all holdings are reported in this report and a portion are reported by other reporting manager(s).) [ ] 13F COMBINATION REPORT. (Check
    [Show full text]
  • OECD Information Technology Outlook OECD Information Technology Outlook 2002 « Icts and the INFORMATION ECONOMY
    OECD Information Technology Outlook 2002 « Outlook OECD Information Technology ICTs AND THE INFORMATION ECONOMY Information technology (IT) continues to be a major driver of economic change, restructuring OECD Information businesses, affecting skills and employment, and contributing significantly to growth and wealth creation. This volume describes the main trends in industries and businesses Technology Outlook supplying IT goods and services. It looks at the impact of IT diffusion and applications, as well as the growing importance of network effects as the use of IT expands. It describes recent market dynamics and gives a detailed overview of the globalisation of the information and communication technology (ICT) sector. It also analyses the increasingly important ICTs AND THE INFORMATION software sector and examines the growth in electronic commerce as well as some of the barriers to its expansion. ECONOMY This volume also looks at developments in the provision and use of ICT skills, mismatches between supply and demand and potential remedies. It traces the diffusion of ICTs and examines the digital divide among individuals, households and businesses, then highlights the potential of selected technological developments that will affect the commercial exploitation and socio-economic impacts of ICTs in the medium term. Finally, it provides an overview of IT policies in OECD countries, particularly those aimed at expanding the supply and use of ICT skills and overcoming the digital divide. National IT policy profiles are available at the following URL: www.oecd.org/sti/information-economy OECD's books, periodicals and statistical databases are now available via www.SourceOECD.org, our online library. This book is available to subscribers to the following SourceOECD themes: Science and Information Technology Social Issues/Migration/Health Ask your librarian for more details on how to access OECD books on line, or write to us at [email protected] www.oecd.org ISBN 92-64-19754-0 93 2002 02 1P 2002 -:HSTCQE=V^\ZYV: 2002 © OECD, 2002.
    [Show full text]
  • SEC News Digest, 07-16-1999
    SEC NEWS DIGEST Issue 99-136 July 16, 1999 SELF-REGULATORY ORGANIZATIONS PROPOSED RULE CHANGES The Pacific Exchanae filed a proposed rule change (SR-PCX-99-04) relating to increasing the maximum order size eligible for automatic execution on Auto-Ex to fifty contracts. Publication of the proposal is expected in the Federal Register during the week of July 19. (ReI. 34-41611) The Chicago Board Options Exchange filed a proposed rule change (SR- CBOE-99-29) to allow RAES orders to trade against orders in the exchange's limit order book. Publication of the proposal is expected in the Federal Register during the week of July 19. (ReI. 34-41621) The New York Stock Exchange filed a proposed rule change (SR-NYSE- 99-10) to amend NYSE Rule 123A.40 to allow specialists to make a bid or offer that betters the market at a price that would elect stop orders and eliminate the requirement to obtain Floor Official approval, unless the price of the specialist's electing transaction is more than 4/16 point away from the previous sale. Publication of the notice is expected in the Federal Register during the week of July 19. (ReI. 34-41623) SECURITIES ACT REGISTRATIONS The following registration statements have been filed with the SEC under the Securities Act of 1933. The reported information appears as follows: Form, Name, Address and Phone Number (if available) of the issuer of the security; Title and the number and/or face amount of the securities being offered; Name of the managing underwriter or depositor (if applicable); File number and date filed; Assigned Branch; and a designation if the statement is a New Issue.
    [Show full text]
  • SEC News Digest, 11-15-1999
    l ./ SEC NEWS DIGEST Issue 99-219 November IS, 1999 SELF-REGULATORY ORGANIZATIONS IMMEDIATE EFFECTIVENESS OF PROPOSED RULE CHANGES A proposed rule change filed by the Philadelphia Stock Exchange amending rules governing the Phlx Automatic Communication and Execution System (SR-Phlx-99-33) has become effective under Section 19{b) (3) (A) of the Securities Exchange Act of 1934. Publication of the proposal is expected in the Federal Register during the week of November 15. (ReI. 34-42120) A proposed rule change filed by the Philadelphia Stock Exchange (SR- Phlx-99-34) to amend its fee schedule for Registered Representative registration has become effective under Section 19{b) (3) (A) of the Securities Exchange Act of 1934. Publication of the proposal is expected in the Federal Register during the week of November 15. (ReI. 34-42122) A proposed rule change filed by the Philadelphia Stock Exchange (SR- Phlx-99-37) to increase the maximum size of option orders eligible for delivery through the Automated Options Market System (AUTOM) has become effective under Section 19{b) (3) (A) of the Securities Exchange Act of 1934. Publication of the proposal is expected in the Federal Register during the week of November 15. (ReI. 34- 42123 ) The American Stock Exchange, Pacific Exchange, and the Chicago Board Options Exchange have filed proposed rule changes (SR-Amex-99-40i SR-PCX-99-41i SR-CBOE-99-59) to make permanent pilot programs eliminating position and exercise limits for FLEX Equity options. Publication of the proposal is expected in the Federal Register during the week of November 15.
    [Show full text]
  • Alteon Switched Firewall 3.0.2 Installation And
    Installation and User’s Guide Alteon Switched FirewallTM Release 3.0.2 Part Number: 212535-E, April 2003 4655 Great America Parkway Santa Clara, CA 95054 Phone 1-800-4Nortel www.nortelnetworks.com Alteon Switched Firewall Installation and User’s Guide Copyright © 2003 Nortel Networks, Inc., 4655 Great America Parkway, Santa Clara, California, 95054, USA. All rights reserved. Part Number: 212535-E. This document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this document may be reproduced in any form by any means without prior written authorization of Nortel Networks, Inc. Documentation is provided “as is” without warranty of any kind, either express or implied, including any kind of implied or express warranty of non- infringement or the implied warranties of merchantability or fitness for a particular purpose. U.S. Government End Users: This document is provided with a “commercial item” as defined by FAR 2.101 (Oct. 1995) and contains “commercial technical data” and “commercial software documentation” as those terms are used in FAR 12.211-12.212 (Oct. 1995). Government End Users are authorized to use this documentation only in accordance with those rights and restrictions set forth herein, consistent with FAR 12.211- 12.212 (Oct. 1995), DFARS 227.7202 (JUN 1995) and DFARS 252.227-7015 (Nov. 1995). Nortel Networks, Inc. reserves the right to change any products described herein at any time, and without notice. Nortel Networks, Inc. assumes no responsibility or liability arising from the use of products described herein, except as expressly agreed to in writing by Nortel Networks, Inc.
    [Show full text]
  • Haworthspring 2011 News College of Business
    HaworthSpring 2011 News College of Business The changing face of Haworth Meeting today’s challenges | 6 From undecided to business professional | 14 Connecting with community | 26 ...... ...... ...... ...... ...... ...... Greetings ...... ...... ...... ...... ...... ...... From the ...... ...... ...... ...... ...... ...... ...... ...... Dean’s ...... ...... ...... ...... ...... ...... Office ...... ...... ...... ...... I am honored to serve as dean and excited as we begin a ...... ...... new chapter in the College’s history. ...... ...... When I interviewed for the dean’s position, I was deeply ...... impressed by the strengths of the Haworth College of ...... ...... Business, including dedicated and talented faculty and staff, ...... strong academic programs, a keen focus on students and ...... their success and a strong base of support from alumni ...... ...... and the business community. Now that I am immersed in ...... the invigorating bustle of the College, these strengths are ...... reinforced for me daily. ...... Witnessing our students excel in statewide and national Photo - Mike Lanka competitions, their internships, leadership positions within their student organizations and across campus and so This unique, hand-crafted Haworth Experience is what many other endeavors is a joy and highlights the quality of differentiates the Haworth College of Business from other Haworth College of Business students and the instruction schools of business. that they receive. The strong alumni base and solid community support serve Our committed
    [Show full text]
  • 3Rd Quarter, 2000
    RUN DATE:10/06/00 ** LIST OF SECTION 13F SECURITIES ** PAGE 1 RUN TIME:14:34 IVMOOl CUSIP NO. ISSUER NAME ISSUER DESCRIPTION STATUS B49233 10 7 ICOS VISION SYS CORP N V ORD B5628B 10 4 * LERNOUT & HAUSPIE SPEECH PRODS COM B5628B 90 4 LERNOUT & HAUSPIE SPEECH PRODS CALL B5628B 95 4 LERNOUT & HAUSPIE SPEECH PRODS PUT D1497A 10 1 CELANESE AG ORD D1668R 12 3 * DAIMLERCHRYSLER AG ORD D1668R 90 3 DAIMLERCHRYSLER AG CALL D1668R 95 3 DAIMLERCHRYSLER AG PUT F9212D 14 2 TOTAL FINA ELF S A WT EXP 080503 G0070K 10 3 * ACE LTD ORD G0070K 90 3 ACE LTD CALL G0070K 95 3 ACE LTD PUT GO2602 10 3 * AMDOCS LTD ORD GO2602 90 3 AMDOCS LTD CALL GO2602 95 3 AMDOCS LTD PUT GO2995 10 1 AMERICAN SAFETY INS GROUP LTD ORD GO3910 10 9 * ANNUITY AND LIFE RE HLDGS ORD GO3910 90 9 ANNUITY AND LIFE RE HLDGS CALL GO3910 95 9 ANNUITY AND LIFE RE HLDGS PUT GO4074 10 3 APEX SILVER MINES LTD ORD GO4074 11 1 APEX SILVER MINES LTD WT EXP 110402 GO4397 10 8 * APW LTD COM ADDED GO4397 90 8 APW LTD CALL ADDED GO4397 95 8 APW LTD PUT ADDED GO4450 10 5 ARAMEX INTL LTD ORD GO5345 10 6 ASIA PACIFIC RES INTL HLDG LTD CL A G0535E 10 6 ASIA PACIFIC WIRE & CABLE CORP ORD GO5354 10 8 ASIACONTENT COM LTD CL A 620045 20 2 CENTRAL EUROPEAN MEDIA ENTRPRS CL A NEW G2107X 10 8 CHINA TIRE HLDGS LTD COM G2108N 10 9 * CHINADOTCOM CORP CL A G2108N 90 9 CHINADOTCOM CORP CALL G2108N 95 9 CHINADOTCOM CORP PUT 621082 10 5 CHINA YUCHAI INTL LTD COM 623257 10 1 COMMODORE HLDGS LTD ORD 623257 11 9 COMMODORE HLDGS LTD WT EXP 071501 623773 10 7 CONSOLIDATED WATER CO INC ORD G2422R 10 9 * CORECOMM LTD ORD G2422R 90 9 CORECOMM LTD CALL G2422R 95 9 CORECOMM LTD PUT G2519Y 10 8 CREDICORP LTD COM G2706W 10 5 DELPHI INTERNATIONAL LTD ORD 627545 10 5 DF CHINA TECHNOLOGY INC ORD G2759W 10 1 DIGITAL UNITED HOLDINGS LTD ORD ADDED 628471 10 3 DSG INTL LTD ORD 629526 10 3 EK CHOR CHINA MOTORCYCLE CO COM 629539 14 8 ELAN PLC R T 630177 10 2 * EL SIT10 INC ORD 630177 90 2 EL SIT10 INC CALL RUN DATE:10/06/00 ** LIST OF SECTION 13F SECURITIES ** PAGE 2 RUN TIME:14:34 IVMOOl CUSIP NO.
    [Show full text]
  • Scott Morgan
    AN ABSTRACT OF THE THESIS OF Scott M. Morgan for the degree of Honors Baccalaureate of Science in Business Administration presented on May 29, 2009 . Title: The Impact of Corporate Social Responsibility on Mergers and Acquisitions. Abstract approved: _______________________________________________ Donald Neubaum _______________________________________________ Prem Mathew This study examines the effects of corporate social responsibility (CSR) on merger and acquisitions (M&A). Using data from Kinder, Lyndeberg, and Domini (KLD) Research Analytics and Thomson’s Securities Data Corporation’s (SDC) Platinum Database, we empirically test if CSR scores effect a firm’s propensity to pursue M&A activity. Specifically, I examine how individual elements of CSR ratings (i.e. community relations, corporate governance, diversity, employee relations, environmental practices, and product quality and safety) might directly influence this relationship. The second part of this study examines the problems associated with integration that commonly arise during corporate acquisitions. We attempt to determine what dimensions of CSR increase integration periods by looking at the differences in bidder and target CSR scores. Key Words: Business, Mergers and Acquisitions, Corporate Social Responsibility, Stakeholder, Integration Period, Speed of Integration Corresponding E-mail Address: [email protected] © Copyright by Scott M. Morgan June 5, 2009 All Rights Reserved The Impact of Corporate Social Responsibility on Mergers and Acquisitions by Scott M. Morgan A PROJECT submitted to Oregon State University University Honors College in partial fulfillment of the requirements for the degree of Honors Baccalaureate of Science in Business Administration (Honors Associate) Presented May 29, 2009 Commencement June 2009 Honors Baccalaureate of Science in Business Administration project of Scott M.
    [Show full text]
  • Alteon OS 20.1 Layer 2-7 Gbe Switch Module for IBM Bladecenter
    RELEASE NOTES: TM Alteon OS 20.1 Layer 2-7 GbE Switch Module for IBM BladeCenter 4655 Great America Parkway Santa Clara, CA 95054 www.nortelnetworks.com Reference: 216028-B Alteon OS 20.1 Release Notes Copyright © 2004 Nortel Networks, Inc., 4655 Great America Parkway, Santa Clara, California, 95054, USA. All rights reserved. Part Number: 13N0346. This document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this document may be reproduced in any form by any means without prior written authorization of Nortel Networks, Inc. Documentation is provided “as is” without warranty of any kind, either express or implied, including any kind of implied or express warranty of non- infringement or the implied warranties of merchantability or fitness for a particular purpose. U.S. Government End Users: This document is provided with a “commercial item” as defined by FAR 2.101 (Oct. 1995) and contains “commercial technical data” and “commercial software documentation” as those terms are used in FAR 12.211-12.212 (Oct. 1995). Government End Users are authorized to use this documentation only in accordance with those rights and restrictions set forth herein, consistent with FAR 12.211- 12.212 (Oct. 1995), DFARS 227.7202 (JUN 1995) and DFARS 252.227-7015 (Nov. 1995). Nortel Networks, Inc. reserves the right to change any products described herein at any time, and without notice. Nortel Networks, Inc. assumes no responsibility or liability arising from the use of products described herein, except as expressly agreed to in writing by Nortel Networks, Inc.
    [Show full text]
  • Internet Ipos Show Impressive Strength in Third Quarter of 1999
    Internet IPOs Show Impressive Strength in Third Quarter of 1999 David Westenberg 10.1.1999 Initial public offerings by Internet-related companies ("iPOs") showed impressive strength in the third quarter of 1999, despite overall market choppiness, a mid-summer lull and substantial declines in market valuations of large-cap Internet stocks. Overall market conditions appeared to be hurt during the third quarter by: hikes in interest rates in late June and again in August concerns about Y2K-related market turbulence as year-end approaches Microsoft President's Steve Ballmer's widely reported statements in September that technology stocks are absurdly overvalued All major indexes except the Nasdaq Composite declined in the third quarter. The Nasdaq Composite, which is dominated by large technology stocks such as Microsoft, Intel and Cisco, inched up 2.2% in the third quarter. At September 30, the average stock had fallen more than 20% from its 52-week high. TheStreet.com's Internet index of 20 large-cap Web stocks is down more than 30% from April. In this "stealth bear" market, the strength of all IPOs, and iPOs in particular, was somewhat surprising. The Big Picture In the third quarter of 1999, there were 101 iPOs raising $7.412 billion, compared to 10 iPOs raising $562 million in the third quarter of 1998. Year to date, 215 iPOs have raised $17.159 billion. iPOs represented 67% of the total number of IPOs and 41% of the total dollar volume of all IPOs in the third quarter of 1999. Year to date, iPOs represent 57% of the total number of IPOs and 36% of the total dollar volume of all IPOs.
    [Show full text]