Assuming that I've tried my best to write secure code: database isn't easy for sql injection, output is filtered from xss, and other. The next question is how do I track that someone has tried to hack a website. What can a developer do that doesn't involve them reading through logs of every URL request that came to their website? (not that I even know how to do that).
I use PHP so tools or answers specific to PHP are welcome.
Try get from logs (eg. apache) logs to your website, group them to groups with contains same records (queries) but from different IP addresses, and get this list with ordering by count accidents ascending, then you get unexpected queries to your website then you have easily manual get view on this and get find some try of attacks.
You cant automate this process, because this is searching a code "undefined behavior".