AutoStub™ is a highly productive tool to mock services and generate meaningful data, which can be configured to simulate the real life data and to match with the parameters present in a swagger/WSDL document to test the APIs. The capabilities qualifies AutoStub™ as an integral component of DevOps.
- AutoStub™ can generate WSDL/Swagger 2.0 based mock services
- Mock services from AutoStub™ can be used for API testing
- Mock services generated with AutoStub™ can accelerate front-end development
- AutoStub™ can create API's for all http status codes
- Number of Request/Response pairs to be generated can be defined
- Possible to modify the Request/Response data
- Increase productivity
- Accelerates development
- Plan and execute API testing and UI testing earlier
- Better Usability and User experience
- Licensing model helps in Cost cutting & saving
£300 to £1915 per licence per month
- Education pricing available
- Free trial available
Torry Harris Business Solutions ( Europe ) Ltd
|Software add-on or extension||No|
|Cloud deployment model||
|Service constraints||Planned maintenance will be done for one hour a month at the maximum. One week notice will be sent to all customer prior to the planned maintenance window. This will be carried out during non-peak hours to minimise disruption.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||We respond to email queries within 2 Hours (24 * 7) for customers opting for our enterprise plans. And for customers opting for our SME plans, we respond within 2 Hours only during customer business hours.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||Web chat|
|Web chat support availability||24 hours, 7 days a week|
|Web chat support accessibility standard||None or don’t know|
|How the web chat support is accessible||Web chat is available as a part of our product offering. The widget available in the product can be clicked to initiate a chat with our agent.|
|Web chat accessibility testing||We have not preformed any tests for assistive technology users|
|Onsite support||Yes, at extra cost|
Based on different SaaS plans - Freemium (or 30 Days Trial), SME version, Enterprise version and Enterprise Plus - we offer different support models.
For Freemium (30 days Trial version), we are providing limited Email support only. The plan for SME version comes with a 8hrs Business hour (of customer) support via Phone & Email. Enterprise and Enterprise Plus plans comes with 24 hour support. Cost for support activities varies and it's incorporated with the respective SaaS plans.
We follow standard support system structure, starting from L1 and L4 being the last level of support, which includes a team of professionals ranging from Cloud Support Engineers to Technical Architect.
Level 1 (Application & Infra) – Monitoring, Initial Investigation and Escalation
Level 2 (Application & Infra) – Detailed Investigation and Escalation
Level 3 (Applications) – Customized Development and System Integration Support
Level 4 (Applications) – Product Features Support and Maintenance
|Support available to third parties||Yes|
Onboarding and offboarding
We provide all of the options:
a) Online documentation accessible for general public
b) Onsite training at an additional cost
c) Online training at an additional cost
|End-of-contract data extraction||Data can be exported as human readable and machine-readable formats. Users have the choice to export the complete dump of their data at any point of time.|
The following items are included in the price of the contract:
1. Data export capability.
2. Usage logs download capability.
The following services are offered at additional cost:
1. Data/application migration
2. Knowledge Transition to another system integration partner
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Autostub services partially supports mobile device UI and in the process of migrating towards total "Responsive Design" to support mobile devices. The user interface automatically adjusts to the screen resolution in terms of layouts, font size and other visual elements.|
|Accessibility standards||None or don’t know|
|Description of accessibility||
For public users facing components, such as the AutoStub swagger spec 2.0 import, the web interfaces include standard controls. In context of accessibility, users can use browsers such as Google Chrome or Mozilla Firefox, for activities such as:
1. File upload , drop downs, text field, etc as their names describes their purpose.
We have tested the application UI with the following web accessibility testing tools:
1. aXe accessibility testing add-on for Chrome and Firefox
2. Chrome Dev Tools
|What users can and can't do using the API||
The API capabilities of AutoStub 2.0, across components, are:
1. AutoStub 2.0 APIs: a) swagger spec 2.0 import Lifecycle - create/delete swagger specs, search resources, etc.
2. AutoStub swagger parameter configuration APIs - create/update/view parse and view swagger parameters,update configuration and set delay for each operation.
3. Mocker module APIs - create/update mock data for swagger parameters etc.
Common Features: a) ServiceId access for swagger spec and wsdl spec mock services.
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
Customisation is allowed at three levels only for enterprise customers (above 8 Million API calls/month) :
Level 1: Basic Customisation is supported through plugins.
Level 2: System Integration with customer's system: This is the most advanced level where integration is required with customer's systems such as Identity Management (LDAP, etc), This requires a separate System Integration contract with us to facilitate the integration.
|Independence of resources||The services are deployed in an auto scalable model. Each component of the service scale automatically depending on the usage.|
|Service usage metrics||No|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Physical access control, complying with another standard|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Data can be exported by the admin user of the service at his/her will at any point of time. This capability is offered within the web interface, but restricted only to users that have administrative privileges.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||
Availability and resilience
We have different slabs for uptime availability. Customers that require high levels of availability will need to be provisioned across multiple "Availability Zones" with additional configuration for Data replication across geographically distributed data centres.
High availability with Disaster Recovery capability: 99.95%
General SLA for High-availability: 99.9%
|Approach to resilience||This information is available on request.|
Service outages are reported using:
1. Email Alerts
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Access is restricted to management interfaces and support channels through role based access control. The role based access control rules are uniformly enforced on the web and API interfaces. Role based access control provides high level of granularity, and can be mapped to individual users and/or user groups.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||Between 6 months and 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Star Certification International (SEI)|
|ISO/IEC 27001 accreditation date||28/04/2018|
|What the ISO/IEC 27001 doesn’t cover||Non-technical not covered|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||Star Certification International (SEI)|
|PCI DSS accreditation date||28/04/2018|
|What the PCI DSS doesn’t cover||Non-technical not covered|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
The Information Security Policies and Processes of Torry Harris is in alignment with the standards defined by ISO27001. Key principles based on which Torry Harris Information security framework is defined are
• Confidentiality: Ensuring that information is accessible only to those authorized to have access.
• Integrity: Safeguarding the accuracy and completeness of information and processing methods.
• Availability: Ensuring that authorized users have access to information and associated assets when required.
Defined framework addresses the below needs of the Organization
- Physical and environment access control
- Network security
- Operational security
- Asset management
- Media handling
- Data backup and restoration
- Security incident management
- Business continuity management
Asset based risk assessment is done by quantifying value of each asset. This approach ensures identification and measure of the asset’s risks and corresponding mitigation controls that have been implemented.
Chief Information Security Officer (CISO) is accountable for compliance to information security in the Organization. Internal audit will be conducted by compliance team to ensure compliance to the defined policies and processes.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
From requirements analysis to delivery, every phase undergoes checks/tests for security & compliance (GDPR/Open Source/PCI-DSS). There are both internal & external teams who do these tests on a periodic basis.
The code is structured to maintain each component as independent executables. So a change to one module is contained within it and is exposed only through well defined interfaces.
Each component of the product is versioned. The product itself has a version. All product releases are made only via a release portal. Every release can be tracked back to the branch in the code repository from where it was built.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Security testing is done on the products every quarter by an external vendor and by an internal team for every release. Compliance of standards like GDPR & PCI-DSS are assessed during various phases of development. Information on threats are obtained from the CVE database. For compliance requirements, the respective body's guidelines are used as a the basis of assessment.
Depending on the priority of an issue, patches are deployed based on SLAs. Any P1/P2 issues are fixed and delivered with in 1 day or a temporary work around is suggested within this time frame.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||The solution is completely hosted in AWS Cloud. We use Amazon GuardDuty as a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect all the workloads. This service uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats. Automatically a ticket gets raised in our incident management system for any potential threat identified and it will be addressed based on the priority of incident.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
ITIL standards are followed for incident management with service desk as single point of contact for all issues. Incident management process follows the below steps:
1. Identifying the issue
2. Logging an incident as a ticket
3. Categorizing the incident
4. Prioritization of the incident based on the impact
5. Incdident Response
- Initial troubleshooting
- Escalating the incident if required to level 3 or higher
- Investigation and diagnosis
- Resolution and recovery
- Incident closure
6. Communication with the end user throughout the life of the incident
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£300 to £1915 per licence per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||Free trial includes fully functional service for evaluation purposes for a limited trial period for 30 days. We extend the trial period upon request. Professional support is not included. Queries, etc during evaluation are supported by Email during business hours.|