There are many
- Web scanners report a lot of false positives. Maybe back in the
daysscanners used to report a lot of false positives, though nowadays the Netsparker scanners are dead accurate thanks to the unique Proof-Based Scanning TMtechnology.
- There hasn’t been any particular breakthrough in the scanners’ industry, making the tools outdated.
- Scanners cannot scan and find vulnerabilities in modern Web 2.0+ / HTML5 / Single Page applications.
- Some security professionals tend to shy away from automation because they think tools such as black box scanners won't find anything that they can’t find manually.
- People believe that scanners can only find low-hanging fruit.