I have a Kendo UI Builder application that is calling a REST Service through our Progress Application Server.   The KUIB application is deployed in our DMZ and the PASOE REST service is internal.   Our Barracuda Web Application Firewall is blocking our REST service with 'SQL Injection in Parameter'.   What are some Best Practice / Security Tips that we should be aware of or consider?   

nowhere.com/.../HelloWorld "myValue = 'Hey' "}

log:

Attack:  SQL Injection in Parameter

Detail: type="sql-injection-medium" pattern="sql-quote" token="' or " Parameter="filter" value="{"ablFilter"\:"(myValue = 'Hey' "

Thanks in advance for the feedback.

Thanks, Randy