Comment by Steffen Cope on "Is Penetration testing worth learning for a web/web App developer for future security purpose of SPA, will it also be a part of so called 'Full-Stack'?" | Hashnode
Not essential to 'full stack', but could be considered a 'full stack' skill too, really it fits under the ubrella of testing so it depends on where you work if testing is part of the devloper flow, or left to testers.