Protecting your infrastructure with tools like firewalls, WAFs, and using vulnerability scanners is what server-side security is all about. The goal is to help harden your systems against attacks targeting your infrastructure. Client-side security focuses on where your application actually runs, which is inside your users' browsers. Applications use the browser extensively to perform certain tasks but so do bad actors.
In simple terms, server-side security protects your kitchen, while client-side security protects the meal after it is served. Both are important. Because the security focus has been mostly on server-side actions, attackers are increasingly targeting the client-side because it allows them to steal directly from users without ever touching your servers. Having protection on both sides ensures your environment is secure from end to end.
Compromising a third-party service your website relies on is one common way attackers get in.
Firewalls, WAFs, and vulnerability scanners are traditional security tools to protect your servers, but they can't see what's happening in your users' browsers.
Client-side security is a critical subset of AppSec that focuses on protecting applications where they actually execute--in users' browsers.
Protecting your website visitors from malicious JavaScript attacks that happen in their browsers is the goal of client-side security.