I wrote a tool called JavaSnoop for testing the security of thick Java clients, like desktop applications, applets and WebStart programs. It was released at BlackHat USA 2010. The project page is over at Aspect Security.