A company has a web application hosted on AWS, and they want to protect it from SQL injection attacks and other common web exploits. Which AWS service should they use?