Jeremiah Grossman just posted (well...awhile ago) the official Top Ten Web Hacking Techniques.
I want to give a shout out to dean who did a great post on ActiveX repurposing or "0wning the client without an exploit" back in August. ActiveX repurposing is #9 in the Top 10, and #41 (blog post linked there) on the big list. Unfortunately He nor c0 was specifically mentioned in the top10 even though it was mentioned in the big list.
...maybe next year.