Techniques like DEP, NX, PaX, W^X etc only help against a specific type of attacks which uses buffer overflows or similar. Usually web applications are written in higher level languages which are not prone to this type of attack. The typical server side attacks against web applications are SQL injection, local and remote file inclusion, broken authentication etc and in none of these cases DEP will help.
But, these attacks where DEP does not help usually result only in non-privileged access to the server system. In order to get system privileges the attacker then uses local exploits which often work because of buffer overflows or similar. And in this case DEP or similar techniques can make it harder for the attacker to get system privileges. Which means that it is not DEP for the web applications itself which helps but DEP for the locally installed programs and for the kernel.
Of course there are also cases where the web application itself might profit from DEP. This is the case for applications written in lower level languages like C and C++. Such applications are often found in embedded devices (router etc).