I keep a reference to some simple but painful task if you forget a common or something. I am new to Yii and this took awhile for me to figure out. Everything I read said do this or do that and not a single one worked for me. However, the following did.
This article is called extended guide is because there is already a security guide in the Yii tutorial security section. but that guide is not complete in the sense that it does not rise the developers' attention to some other commonly happening attacks: SQL injection and magic URL, which can be major vulnerabilities in your application without much caring.