What characterizes a reflected attack in web security?

Enhance your skills for the CompTIA PenTest+ Exam with CertMaster. Utilize flashcards and multiple-choice questions with detailed explanations. Get fully prepared for your certification!

A reflected attack in web security is characterized by a crafted request to a server that contains malicious code, which is executed in the victim's browser. In this type of attack, the attacker sends a malicious URL to a victim. When the victim clicks on this URL, the server processes the request and sends back a response that includes the malicious code. This code is then executed in the victim's browser, which can lead to various harmful consequences, such as data theft, session hijacking, or redirecting the victim to malicious websites.

This mechanism is what differentiates reflected attacks from other types. For instance, stored attacks involve code that is saved on the server itself and executed at a later time when other users access that code, making it persistent and effectively a permanent threat. Other options, like executing code directly on the server or using SQL injections, pertain to different attack categories and mechanisms. Reflected attacks specifically leverage the interaction between a client and server, where the malicious payload is "reflected" back to the user immediately after their request.
