In June 2006, Microsoft released Dynamics AX 4.0, which was the first full version to be developed in Microsoft using the Security Development Lifecycle (SDL). A key deliverable by this team is a document on security considerations for Dynamics AX development. It is available here:

Topics covered, include:

  • How to use potentially dangerous APIs in a safe manner
  • Code-access Security in X++ (based on the principles of .NET Code Access Security, but quite a different implementation)
  • Data-access Authorization
  • Server-side batch processing


This document is a must-read for every X++ developer.