A typical point of entry is when a malicious actor compromises a third-party service your website uses. Here's the process: your server sends the web page, and your browser requests hundreds of external resources like analytics scripts, marketing tools, and payment processors. Then, an attacker can intercept just one of these requests and inject malicious code instead of the legitimate script.
Malicious scripts can also be injected through adverts, ad networks are essentially JS distribution networks for hire. A script on an ad network can steal credit card information and take sensitive tokens like session tokens. Therefore, if you have webpages where adverts and payments cross, it is best to be extra careful and implement a strict client-side security.
Client-side attacks typically occur when a malicious actor compromises a third-party service your website uses.
Traditional security tools are designed for server infrastructure and can't see what's executing in users' browsers.
Server-side security protects your infrastructure, while client-side security protects where your applications actually execute in users' browsers.
Client-side security is a critical subset of AppSec that focuses on protecting applications where they actually execute--in users' browsers.