If you’re using BlazeDS/Livecycle or some other backend integration services, you might want to take a look at deblaze. It’s a security tool that can be used to figure out exposed remote methods and other info. It gives you some examples about how you could use it and pointers to make things more secure.
