I searched all over the internet trying to get a guidance about the security practices for a really secured site like an online banking site and didn't find any.
My interest is to know what practices you are using in following areas:
And how to detect penetration attempts ? Monitor IPs, Lock certain accounts ... ? Is there a way to test or simulate threats ?
I would start with PCI-DSS guidance as a baseline for protecting the data.
PCI-DSS is the Payment Card Industry Data Security Standard. It's the industries first attempt to lay down guidelines for protecting data around the banking area. The guidelines are specifically for cardholder data, but are a great resource for protection of data in general. PCI requirements include yearly onsite audits, and quarterly network scans.
Another good resource is OWASP which offers guidance on security of web applications in general
OWASP goes into a lot of detail about how to perform threat modelling, test for (and correct) common vulnerabilities. For the quick start head to the OWASP Top Ten