What are the security benefits of using a proxy server?

Webservers such as IIS, Apache, Tomcat and others that serve applications have a very large base of source code. This means that there is plenty of room to find security exploits as well as many other less harmful bugs. The exploits are often published on mailing lists such as those available through http://www.securityfocus.com/.

Proxy servers such as nginx are often "thinner", with smaller source code bases thatn the application web servers, and therefore have a smaller attack surface. Some exploits in IIS or Apache or other application web servers can therefore be masked by a proxy server that either does not have the same exploit or that can filter requests to prevent access to the exploit on the end server.

The proxy server can run on a minimal OS, such as a custom Linux filesystem that has very few services and executables on the filesystem other than the proxy server, so that if someone does manage to find an exploit in the proxy, there aren't enough executables in the proxy's OS (possible not even a shell program) to take advantage of the exploit. This is much safer than exposing a full-featured, general purpose OS to the Internet. Full featured OS's often have many exploits and usually need to have a full complement of utilities and shells in order to provide the desired service.

In general, the rate of exploit detection for application servers and full-featured operating systems together is much higher than the rate for the commonly used proxy servers and their OS's, so a proxy can buy you time to fix a back-end application server or OS vulnerability.

Although Wikipedia states "it does not provide any protection to attacks against the web application", in fact some proxy servers can perform HTTP request re-writing or filtering that can go a long way to preventing SQL injection and CSS attacks.