Top 10 Database Attacks

AppSec has a nice graphical set of slides that illustrate the most common database attacks. Here they are in reverse order, each expressed as its remediation:

  1. Encrypt sensitive data at rest and in transit
  2. Patch, patch, patch
  3. Patch vulnerabilities that cause Denial of Service
  4. Patch vulnerabilities that enable privilege escalation
  5. Limit buffers
  6. Turn off unsafe configurations
  7. Remove and/or disable packages you do not use
  8. Restrict privileges to users and groups
  9. Sanitize input
  10. Remove default, blank and weak log-in credentials

I would call that seven, not ten, but see for yourself.
