I created this app that is intented for law enforcement agencies to upload data, so they can share information, and see for example, whether some guy they just apprehended is wanted in another juristiction.

It was really just an exercise/proof of concept for me, but the sales guys just sold it. Obviously I'm concerned about security. Could be a tasty target. Where do I start? Is there any sort of methodology I can put the site through to see where the weaknesses are?

Any information is greatly appreciated. I'm no hacker and really don't know anything about web site security.

Thanks,
Mike