1. Almost everyone uses the Web
Use of the Web is everywhere, whether it's news, music, online shopping, banking, paying bills, or social networking. Almost anything you would want to do, and can be Web accessible, is. Since almost every Internet-connected uses the Web for something, that provides a very "target rich" environment for hackers.
2. The Web is accessible almost everywhere
Because so many people want to use the Web, for so many things, Web applications have to be available 24/7, 365 days a year. Furthermore, wireless access and public Web access are becoming expected, if not demanded, everywhere it's possible and reasonable to have it. Anonymous access is available at libraries, coffee shops, clubs, and other venues.
3. Web applications often have access to valuable data
Online shopping, banking, auction, investment applications, and others all require and provide access to valuable financial information for hackers. Criminal hackers have obtained account numbers, social security numbers, and credit card numbers from hacked Web sites. If users' sessions, passwords or personal info are hacked, these applications can be subverted, allowing theft of money, property, or even Identity Theft.
4. It's easy to hide Web applications & their communication
So much communication over the 'net is Web traffic, that it's (usually) easy to hide hacking communication and transfer amid all the valid traffic. Media and application data are often "wrapped" in HTML or use HTTP transfer. So, hackers use these methods too. Modern firewalls and intrusion detection software can often, but not always, detect this or prevent it.
5. Browser & Web application coding is easy
Delivering a virus or malware via a browser application from a compromised server is simple. It's especially simple if the user is uninformed or unprepared for the attack. The drive for browsers as a universal platform, and the demand for Web development tools both have made design and delivery of malware simpler than ever. Feature rich Web application platforms provide numerous means for exploitation.