Because a lot of web applications rely on the session id for all the authentication and authorization , knowing the strength of the algorithm behind the session ID generation is essential.

The first step is to decompile the .swf file and extract as many resources as possible.

OWASP is happy to announce the first release of OWASP Pantera - Web
Assessment Studio. Pantera is a mix between a pentest proxy, an application
scanner, and an intelligent analysis framework. Pantera’s goal is to leave
the analysis and automatic (repetitive) stuff to the engine, leaving only
the important decisions to the security expert.
Great tool !
OWASP Pantera Web [...]

An open source application layer firewall for HTTP/HTTPS. It works as a reverse proxy server. It analyzes all HTTP/HTTPS traffic against rule-based signatures and protects web servers and web applications from attack.

One of the best War Dialers I came across .
Current Features:

Full and Normal logging: Full logging records all possible events during dialing (busy signals, no answers, carriers, etc). By default it only records things that we might find interesting (carriers, possible telco equipment). [...]

SSA is a GUI that relies on OVAL Framework (see oval.mitre.org)
http://www.security-database.com/

A very good resource of wardialers
http://www.wyae.de/software/paw/

I’d like to announce the availability of a free security reconnaissance/firewall bypassing tool called 0trace written by Michal Zalewski. This tool enables the user to perform hop enumeration (”traceroute”) within an established TCP connection, such as a HTTP or SMTP session. This is opposed to sending stray packets, as traceroute-type tools usually do.
The important benefit [...]

SinFP is a new approach to OS fingerprinting, which bypasses limitations that nmap has. More info:
http://www.gomor.org/sinfp .
SinFP has now 140 signatures. You can download it via CPAN, or via SourceForge:
https://sourceforge.net/projects/sinfp
Also, two benchmarks versus Nmap have been done:
http://www.phocean.net/index.php/post/2006/12/17/SinFP
http://www.computerdefense.org/?p=173
This new release has been tested under Solaris 8/SPARC, and [...]

Philipp Haupt and Matthias Hürlimann have developed an excellent open source VOIP security test tool called SIP Proxy. This tool can be used both as a proxy and as a VOIP fuzzing source.
Great tool ! SIP Proxy homepage on Sourceforge.