Commercial scanner software certainly has its place in web testing. However manual testing and using the cutting edge tools that hackers use is more effective.
Starting with commercial scanners such as Nessus is a good idea.
Moving on from there one needs to start using the tools that hackers use and then the manual methods that hackers use.
This goes a long way to verify that the bad guys can’t get in with their arsenal.