diff --git a/best_practices/security.rst b/best_practices/security.rst index d5ce51deb31..5718e776e86 100644 --- a/best_practices/security.rst +++ b/best_practices/security.rst @@ -74,13 +74,15 @@ Authorization (i.e. Denying Access) ----------------------------------- Symfony gives you several ways to enforce authorization, including the ``access_control`` -configuration in :doc:`security.yml ` and -using :ref:`isGranted ` on the ``security.context`` +configuration in :doc:`security.yml `, the +:ref:`@Security annotation ` and using +:ref:`isGranted ` on the ``security.context`` service directly. .. best-practice:: * For protecting broad URL patterns, use ``access_control``; + * Whenever possible, use the ``@Security`` annotation; * Check security directly on the ``security.context`` service whenever you have a more complex situation. @@ -207,9 +209,10 @@ Now you can reuse this method both in the template and in the security expressio .. _best-practices-directly-isGranted: .. _checking-permissions-without-security: +.. _manually-checking-permissions: -Manually Checking Permissions ------------------------------ +Checking Permissions without @Security +-------------------------------------- The above example with ``@Security`` only works because we're using the :ref:`ParamConverter `, which gives the expression
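Review bot: in the first hunk (the Authorization paragraph), the newly added ``:ref:`@Security annotation ``` role shows no target label between the backticks, and the neighbouring ``:doc:`security.yml ``` and ``:ref:`isGranted ``` roles on the same lines look the same way; make sure the new role reads ``:ref:`@Security annotation <existing-label>``` with a label that actually exists in the security book, otherwise Sphinx will report an unresolved reference for a link this change introduces. Two smaller points in the same hunk: the sentence now lists "the ``access_control`` configuration ..., the ``@Security`` annotation and using ``isGranted``", which mixes noun phrases with a gerund (consider "and the ``isGranted`` method on the ``security.context`` service"), and the new bullet "Whenever possible, use the ``@Security`` annotation;" states a preference order between the three mechanisms without a reason; one short clause saying why the annotation is preferred over a direct ``security.context`` check would make the recommendation easier to follow.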
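Review bot: in the second hunk, the heading changes from "Manually Checking Permissions" to "Checking Permissions without @Security", but the added label ``.. _manually-checking-permissions:`` is derived from the old title, so the section now carries three labels (``best-practices-directly-isGranted``, ``checking-permissions-without-security`` and the new one). Keeping the two existing labels preserves incoming links; the third only earns its place if some ``:ref:`` is updated to point at it, so either reference it or drop it from this change. Also double-check that the replacement underline is exactly as long as the new 38-character title, since an underline shorter than the title triggers a Sphinx "Title underline too short" warning.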