Which AWS service contains built-in engines to protect web applications that run in the cloud from SQL injection attacks and cross-site scripting?

Explanations:

AWS WAF (Web Application Firewall) provides built-in rules to protect web applications from common exploits such as SQL injection and cross-site scripting (XSS). It allows users to create custom rules and manage application-level security.

AWS Shield Advanced is primarily focused on DDoS protection and does not specifically target SQL injection or XSS attacks. While it enhances application availability during attacks, it does not provide the web application protection features found in AWS WAF.

Amazon GuardDuty is a threat detection service that monitors for malicious activity and unauthorized behavior but does not specifically focus on protecting against SQL injection or XSS attacks in web applications.

Amazon Detective helps analyze and investigate security issues and suspicious activities within AWS environments, but it does not provide proactive protection against SQL injection or cross-site scripting attacks like AWS WAF does.