Since I’m on the subject of talking about security scanners, here’s a link to an article I wrote a couple of years ago that’s still very relevant. Check it out:
What to look for in a Web application security testing tool
Some of what I say in this piece supports my stance in the previous blog that you cannot automate this stuff and assume you’ve done your due diligence.