diff --git a/plugins/baser-core/config/bootstrap.php b/plugins/baser-core/config/bootstrap.php
index c4d9e795b4..cb3122f409 100644
--- a/plugins/baser-core/config/bootstrap.php
+++ b/plugins/baser-core/config/bootstrap.php
@@ -36,11 +36,14 @@
 
 /**
  * キャッシュ設定
+ * ユニットテスト時に重複して設定するとエラーとなるため判定を入れている
  */
-if (Configure::read('debug')) {
-    Configure::write('Cache._bc_env_.duration', '+2 seconds');
+if (!Cache::getConfig('_bc_env_')) {
+    if (Configure::read('debug')) {
+        Configure::write('Cache._bc_env_.duration', '+2 seconds');
+    }
+    Cache::setConfig(Configure::consume('Cache'));
 }
-Cache::setConfig(Configure::consume('Cache'));
 
 /**
  * デフォルトバリデーションプロバイダー
diff --git a/plugins/baser-core/src/BcApplication.php b/plugins/baser-core/src/BcApplication.php
deleted file mode 100644
index 4a6802d2fe..0000000000
--- a/plugins/baser-core/src/BcApplication.php
+++ /dev/null
@@ -1,74 +0,0 @@
-<?php
-/**
- * baserCMS :  Based Website Development Project <https://basercms.net>
- * Copyright (c) baserCMS User Community <https://basercms.net/community/>
- *
- * @copyright     Copyright (c) baserCMS User Community
- * @link          https://basercms.net baserCMS Project
- * @since         5.0.0
- * @license       http://basercms.net/license/index.html MIT License
- */
-
-namespace BaserCore;
-
-use Cake\Core\Configure;
-use Cake\Http\MiddlewareQueue;
-use Cake\Routing\Route\InflectedRoute;
-use Cake\Routing\RouteBuilder;
-use Cake\Http\BaseApplication;
-use BaserCore\Annotation\UnitTest;
-use BaserCore\Annotation\NoTodo;
-use BaserCore\Annotation\Checked;
-
-/**
- * Class BcApplication
- * @package BaserCore
- */
-class BcApplication extends BaseApplication
-{
-    /**
-     * bootstrap
-     * @checked
-     * @noTodo
-     */
-    public function bootstrap(): void
-    {
-        parent::bootstrap();
-        $this->addPlugin('BaserCore');
-    }
-
-    /**
-     * Routes
-     * @param \Cake\Routing\RouteBuilder $routes
-     * @checked
-     * @noTodo
-     */
-    public function routes($routes): void
-    {
-        $routes->prefix(
-            'Admin',
-            ['path' => Configure::read('BcApp.baserCorePrefix') . '/' . Configure::read('BcApp.adminPrefix')],
-            function(RouteBuilder $routes) {
-                $routes->connect('', ['controller' => 'Dashboard', 'action' => 'index']);
-                // CakePHPのデフォルトで /index が省略する仕様のため、URLを生成する際は、強制的に /index を付ける仕様に変更
-                $routes->connect('/{controller}/index', [], ['routeClass' => InflectedRoute::class]);
-                $routes->fallbacks(InflectedRoute::class);
-            }
-        );
-        parent::routes($routes);
-    }
-
-    /**
-     * Setup the middleware queue your application will use.
-     *
-     * @param \Cake\Http\MiddlewareQueue $middlewareQueue The middleware queue to setup.
-     * @return \Cake\Http\MiddlewareQueue The updated middleware queue.
-     * @checked
-     * @noTodo
-     */
-    public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue
-    {
-        return $middlewareQueue;
-    }
-
-}
diff --git a/plugins/baser-core/src/Controller/Admin/PluginsController.php b/plugins/baser-core/src/Controller/Admin/PluginsController.php
index 3d49aafd80..f9ead05320 100644
--- a/plugins/baser-core/src/Controller/Admin/PluginsController.php
+++ b/plugins/baser-core/src/Controller/Admin/PluginsController.php
@@ -139,7 +139,7 @@ public function install($name)
         $this->setTitle(__d('baser', '新規プラグイン登録'));
         $this->setHelp('plugins_install');
 
-        if (!$isInstallable || !$this->request->is('post')) {
+        if (!$isInstallable || !$this->request->is('put')) {
             return;
         }
 
diff --git a/plugins/baser-core/tests/TestCase/Controller/PasswordRequestsControllerTest.php b/plugins/baser-core/tests/TestCase/Controller/PasswordRequestsControllerTest.php
index e75530c92c..c7462c9245 100644
--- a/plugins/baser-core/tests/TestCase/Controller/PasswordRequestsControllerTest.php
+++ b/plugins/baser-core/tests/TestCase/Controller/PasswordRequestsControllerTest.php
@@ -53,10 +53,12 @@ public function testEntry()
         $messages = TestEmailTransport::clearMessages();
 
         $this->enableSecurityToken();
+        $this->enableCsrfToken();
 
         $this->get('/baser/admin/password_requests/entry');
         $this->assertResponseOk();
 
+
         // メールアドレス送信
         $this->post('/baser/admin/password_requests/entry', [
             'email' => 'testuser1@example.com',
diff --git a/plugins/baser-core/tests/TestCase/Controller/PluginsControllerTest.php b/plugins/baser-core/tests/TestCase/Controller/PluginsControllerTest.php
index d6cee440fb..e20f621ed3 100644
--- a/plugins/baser-core/tests/TestCase/Controller/PluginsControllerTest.php
+++ b/plugins/baser-core/tests/TestCase/Controller/PluginsControllerTest.php
@@ -108,12 +108,12 @@ public function testAjax_delete_file()
     public function testDetachAndInstallAndUninstall(): void
     {
         $this->enableSecurityToken();
+        $this->enableCsrfToken();
         $this->post('/baser/admin/plugins/detach/BcSample');
         $this->assertFlashMessage('プラグインの無効化に失敗しました。');
         $this->post('/baser/admin/plugins/detach/BcBlog');
         $this->assertFlashMessage('プラグイン「BcBlog」を無効にしました。');
 
-        $this->enableSecurityToken();
         $this->put('/baser/admin/plugins/install/BcBlog', ['connection' => 'test']);
         $this->assertRedirect([
             'plugin' => 'BaserCore',
@@ -161,6 +161,7 @@ public function test_addPermission()
     public function testReset_db()
     {
         $this->enableSecurityToken();
+        $this->enableCsrfToken();
         $this->put('/baser/admin/plugins/reset_db/BcBlog', ['connection' => 'test', 'name' => 'BcBlog']);
         $this->assertRedirect([
             'plugin' => 'BaserCore',
diff --git a/plugins/baser-core/tests/TestCase/Controller/UserGroupsControllerTest.php b/plugins/baser-core/tests/TestCase/Controller/UserGroupsControllerTest.php
index 1654f76266..9dbd7add0d 100644
--- a/plugins/baser-core/tests/TestCase/Controller/UserGroupsControllerTest.php
+++ b/plugins/baser-core/tests/TestCase/Controller/UserGroupsControllerTest.php
@@ -84,7 +84,7 @@ public function testIndex_pagination()
     public function testAdd()
     {
         $this->enableSecurityToken();
-
+        $this->enableCsrfToken();
         $this->get('/baser/admin/user_groups/add');
         $this->assertResponseOk();
 
@@ -135,6 +135,7 @@ public function testDelete()
     public function testCopy()
     {
         $this->enableSecurityToken();
+        $this->enableCsrfToken();
         $this->post('/baser/admin/user_groups/copy/1');
         $this->assertResponseSuccess();
         $userGroups = $this->getTableLocator()->get('UserGroups');
diff --git a/plugins/baser-core/tests/TestCase/Controller/UsersControllerTest.php b/plugins/baser-core/tests/TestCase/Controller/UsersControllerTest.php
index 40cfd5d721..f0a6cd9e2e 100644
--- a/plugins/baser-core/tests/TestCase/Controller/UsersControllerTest.php
+++ b/plugins/baser-core/tests/TestCase/Controller/UsersControllerTest.php
@@ -84,6 +84,7 @@ public function testIndex_pagination()
     public function testAdd()
     {
         $this->enableSecurityToken();
+        $this->enableCsrfToken();
         $data = [
             'name' => 'Test_test_Man',
             'password_1' => 'Lorem ipsum dolor sit amet',
diff --git a/plugins/baser-core/tests/TestCase/Model/Table/PasswordRequestsTableTest.php b/plugins/baser-core/tests/TestCase/Model/Table/PasswordRequestsTableTest.php
index 34f00ae5fc..3ba1005b91 100644
--- a/plugins/baser-core/tests/TestCase/Model/Table/PasswordRequestsTableTest.php
+++ b/plugins/baser-core/tests/TestCase/Model/Table/PasswordRequestsTableTest.php
@@ -156,6 +156,7 @@ public function testUpdatePassword()
 
         // 変更後のパスワードでログイン
         $this->enableSecurityToken();
+        $this->enableCsrfToken();
         $this->post(Configure::read('BcPrefixAuth.Admin.loginAction'), [
             'email' => 'testuser1@example.com',
             'password' => 'test'