In June 2006, Microsoft released Dynamics AX 4.0, which was the first full version to be developed in Microsoft using the Security Development Lifecycle (SDL). A key deliverable by this team is a document on security considerations for Dynamics AX development. It is available here:

http://www.microsoft.com/downloads/details.aspx?FamilyID=5e050494-1613-4b3a-9363-d69d60c56877&DisplayLang=en

Topics covered, include:

  • How to use potentially dangerous APIs in a safe manner
  • Code-access Security in X++ (based on the principles of .NET Code Access Security, but quite a different implementation)
  • Data-access Authorization
  • Server-side batch processing

     

This document is a must-read for every X++ developer.