Yii Security

Hello everyone, this is my first topic here :)

I want to ask about Yii security features. Are there real security ways that have to be done after finishing the website,

like checking on:

XSS

CSRF

SQL Injection/Blind SQL Injection

File Upload

Information Disclosure

Local File Inclusion

Remote File Inclusion

Path Traversal

OS Commanding

Null Byte

Brute Force

I need your experience in these ways and how Yii can avoid them.

Yii has instruments to avoid some of these features. But it is all in your hands.

Here you can find some information about/concerning the topics you mentioned.

This is not a comprehensive answer at all, just a hint where to look and/or what to implement and how.

Generally speaking, everything depends on the developer. No matter how secure the framework is, the developer can still make it vulnerable; that is the price of flexibility.

For everything security-related I recommend OWASP https://www.owasp.org/index.php/Main_Page

XSS, CSRF, Cookie Attack:

http://www.yiiframework.com/doc/guide/1.1/en/topics.security

SQL Injection:

http://www.yiiframework.com/doc/guide/1.1/en/database.dao#binding-parameters

File Uploads:

http://www.larryullman.com/forums/index.php?/topic/2620-dealing-with-malicious-file-uploads/

Information Leakage:

http://www.yiiframework.com/doc/guide/1.1/en/basics.entry#debug-mode

http://www.yiiframework.com/doc/guide/1.1/en/topics.error

Local/Remote File Inclusion:

http://www.yiiframework.com/doc/guide/1.1/en/basics.namespace#importing-classes

http://www.yiiframework.com/doc/guide/1.1/en/form.model#declaring-validation-rules

Path Traversal:

http://www.yiiframework.com/doc/guide/1.1/en/topics.url#creating-urls

Brute Force:

http://www.yiiframework.com/doc/api/1.1/CCaptchaValidator

OS Commanding / Null Byte:

AFAIK developer / server admin dependent

Thanks a lot, that was helpful