How would you approach securing a high-traffic banking application against common OWASP Top 10 threats?