Well you should know at least some of the basic web attacks and how they work and how to prevent, like SQL injections, Cross-Site-Scripting and Cross Site Request Forgery, aso.
It's never bad, however it would be too much work to dive deep into this topic. If you work on a daily basis as a Pen-Tester your quality of work will always be better then someone that is just trying out things from time to time. And I don't think that pen-testing will be a essential part of "full-stack".