Tuesday, April 20, 2021

What is the security benefit of using aliases instead of literal paths for redirection?

Aliases map to a predefined list of destination URLs, so a user-supplied value can only select one of those known destinations; this protects against redirection attacks.


What is meant by a session and a session ID?

A session is a mechanism for the server to identify and distinguish a particular user from all other current users.

A session ID is a 128-bit random number generated by the web application the first time a user visits a Rails-based web site.


Where can OpenPhish be used?

OpenPhish is a service against which your application can check destination URLs before performing a redirect.


What is the difference between session fixation and session hijacking?

Session hijacking: the attacker acquires the session ID from a user's already authenticated session.

Session fixation: the attacker first obtains a valid session ID by visiting the target web application, then attempts to get a user to initiate an authenticated session with that same session ID.


How does a SQL injection attack work?

The vulnerability allows an attacker to manipulate the SQL query string sent to the database.

The attack is performed by manipulating SQL query parameters in order to retrieve confidential data or execute commands on the underlying database without proper authorization.