How many people have used a commercial scanner to look for vulnerabilities in web applications? Lots of you, right.
And who thinks that the scanner they use is as good as it could possibly be?
Anyone? Anyone? Bueller?
I often talk to people about their experience with web scanning products, and these are the complaints I hear:
If you would like to see a web scanner that addresses some of these issues, then watch this space. If you would like to see one that addresses all of them, then experience a pleasurable quickening of the heart rate. And still watch this space.