In June 2006, Microsoft released Dynamics AX 4.0, which was the first full version to be developed in Microsoft using the Security Development Lifecycle (SDL). A key deliverable by this team is a document on security considerations for Dynamics AX development. It is available here:
Topics covered, include:
- How to use potentially dangerous APIs in a safe manner
- Code-access Security in X++ (based on the principles of .NET Code Access Security, but quite a different implementation)
- Data-access Authorization
- Server-side batch processing
This document is a must-read for every X++ developer.