I would think that the same techniques that work for any web server should work for Jetty web server. Look for default directories and applications that are almost always vulnerable. Check to see if directories that should be secure, are. SSL security is another check. Google searching for "Jetty vulnerability" reveals a few hits that may be interesting. I am not sure about using automated tools for this though.
This is Adobe Flex, right? It just builds Adobe Flash apps as far as I know. With Flash, you can try passive methods. Put a proxy (burp, tamper data, etc) on your session and see what comes over the wire. I suppose that any programming is done with Action Script in these applications. That's not my area at all. Yet, I would assume that the same principles apply for sanitizing user input.