The first step is to decompile the .swf file and extract as many resources as possible.

Testing Fault Injection in Local Applications proves to be a great resource for describing the local resources and interprocess communication,

Anti-Spyware program for Mac OS X, MacScan. Version 2.3 adds a blacklisted cookie scanner.

These are the best online resources in web application security :