Hello every one this is my first topic Here 
i want to ask about yii security features is there a real security ways have to be done after finishing the website
like checking on :
XSS
CSRF
SQL Injection/Blind SQL Injection
File Upload
Information Disclosure
Local File Inclusion
Remote File Inclusion
Path Traversal
OS Commanding
Null Byte
Brute Force
i need your experience in this ways and how yii can avoid it .
as per my exp i worked in 4 yii2 projects
i have cross checked that there are no issue in security it is very safe in all manner.
Im very sure in below features.
XSS
CSRF
SQL Injection/Blind SQL Injection
File Upload
yes sure,
you have to consider some important things in order to fulfill yii security and not to bypass yii’s MVC architecture (like accepting direct post data using php not using yii), anyway this link may give you and idea about best practices:
http://www.yiiframework.com/doc-2.0/guide-security-best-practices.html
اتمني اذا كنت تعرف العربية ان تستخدمها ليستفيد المتلقي العربي، شكرا