Adding to Zakir's good reply, from a security point of view:
1) What is the Encryption or Decryption Algorithm used?
2) In which file is the password stored?
3) How are Sessions maintained and managed? Session hijacking
4) Where are Cookies stored? Client or Server? Cookie Poisoning
5) What special characters are permitted in the application? SQL Injection