The two most relevant metrics for determining effectiveness of a web application testing tool are the number of vulnerabilities discovered and the number of false positives generated. False positives can cause, in many cases, the requirement of heavy manual labor to filter out false readings from huge amount of data.
The most advanced tools such as the ones that perform heuristic attack detection, have evolved from simple pattern matching (e.g. 404 error page detection) to slightly more flexible detection (e.g. user-configurable regular expressions).
Future trends will evolve into heuristic detection, which will consist of auto-generating detection through zero-day defense technology. Zero-day defense technology is the ability to learn from a pattern of known vulnerability behavior and then rule all unknown behavior as false positives (the same way some intrusion detection systems work today).
Currently, security testers use multiple tools, including commercial and open source tools and augument the tool deficiencies with manual analysis of the results. Just rely on tools analysis is not a guarantee of finding major vulnerabilities in an application. Overall most tools do not find more than perhaps 25-50% of known vulnerabilities in a typical application.
Some tool vendors allow users to extend the product capabilities by adding their own scripts or exploits which can help in increasing the number of vulnerabilities found, as well as to reduce false positives. Clearly, as the technology progresses, the sophistication of these products will continue to improve. In the meantime, there is no real substitute for the tester knowledge of application security. Testers need to focus on the most important security requirements, write a test plan and use tools that allow for both manual and automated analysis. Tools are only one factor of the equation, the other are people and process. Before to reccomend a tool for your organization, perform a proof of concept, especially look for flexibility in customizing the tool and to extend the tool functionality.