Which service offers protection against common web exploits?

The correct choice, AWS WAF (Web Application Firewall), is designed specifically to protect web applications from common web exploits that could compromise security, such as SQL injection, cross-site scripting (XSS), and other vulnerabilities. AWS WAF enables users to create custom rules that filter HTTP requests, allowing for greater control over who can access applications and under what conditions.

Deploying AWS WAF allows businesses to define their own security policies and controls based on the web traffic patterns they observe. This tailored approach significantly enhances the security posture of web applications, safeguarding them from malicious traffic while still allowing legitimate requests to pass through.

Meanwhile, other services mentioned also play critical roles in the AWS ecosystem but serve different purposes. For example, AWS Shield focuses on DDoS protection to guard against distributed denial-of-service attacks but does not specifically target the common web exploits that affect application-level security. Amazon Inspector is primarily an automated security assessment service meant to improve the security and compliance of applications rather than protecting web applications from exploits in real-time. Lastly, AWS Certificate Manager is used to manage SSL/TLS certificates for secure communications but does not address protection against web exploits directly.

Thus, AWS WAF is the service specifically aimed at providing security against web-based attacks, making it the